Password authentication enabled SFTP server configuration example
Network requirements
As shown in Figure 114:
The switch acts as the SFTP server and uses password authentication.
The username and password of the client are saved on the switch.
Establish an SFTP connection between the host and the switch, so that you can log in to the switch to manage and transfer files.
Figure 113: Network diagram
Configuration procedure
Configure the SFTP server:
# Generate RSA key pairs.
<Switch> system-view [Switch] public-key local create rsa The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... ........................++++++ ...................++++++ ..++++++++ ............++++++++ Create the key pair successfully.
# Generate a DSA key pair.
[Switch] public-key local create dsa The range of public key modulus is (512 ~ 2048). If the key modulus is greater than 512, it will take a few minutes. Press CTRL+C to abort. Input the modulus length [default = 1024]: Generating Keys... .++++++++++++++++++++++++++++++++++++++++++++++++++* ........+......+.....+......................................+ ...+.................+..........+...+ Create the key pair successfully.
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1 Generating Keys... . Create the key pair successfully.
# Enable the SFTP server.
[Switch] sftp server enable
# Assign an IP address to VLAN-interface 2. The client uses this address as the destination for SSH connection.
[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.45 255.255.255.0 [Switch-Vlan-interface2] quit
# Create a local device management user named client002.
[Switch] local-user client002 class manage
# Set the password to aabbcc in plain text for local user client002.
[Switch-luser-manage-client002] password simple aabbcc
# Authorize local user client002 to use the SSH service.
[Switch-luser-manage-client002] service-type ssh
# Assign the network-admin user role and working directory flash:/ to local user client002.
[Switch-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/ [Switch-luser-manage-client002] quit
# Create an SSH user named client002. Specify the authentication method as password and service type as sftp for the user.
[Switch] ssh user client002 service-type sftp authentication-type password
Establish a connection between the SFTP client and the SFTP server:
The device supports different types of SFTP client software. This example uses an SFTP client that runs PSFTP of PuTTy version 0.58.
To establish a connection to the SFTP server:
Run the psftp.exe to launch the client interface shown in Figure 115, and enter the following command:
open 192.168.1.45
Enter username client002 and password aabbcc as prompted to log in to the SFTP server.
Figure 114: SFTP client interface
NOTE: PSFTP supports only password authentication. | ||