1950
C
103: SFTP S
HAPTER
n
ERVICE
Network diagram
Figure 572 Network diagram for SFTP configuration (on routers)
SFTP server
Eth1/1
192 .168 .0 .1/24
Router B
Configuration procedure
1 Configure the SFTP server (Router B)
# Generate RSA and DSA key pairs and enable the SSH server.
<RouterB> system-view
[RouterB] public-key local create rsa
[RouterB] public-key local create dsa
[RouterB] ssh server enable
# Configure an IP address for interface Ethernet 1/1, which the client will use as
the destination for SSH connection.
[RouterB] interface ethernet 1/1
[RouterB-Ethernet1/1] ip address 192.168.0.1 255.255.255.0
[RouterB-Ethernet1/1] quit
# Set the authentication method of the user interfaces to AAA.
[RouterB] user-interface vty 0 4
[RouterB-ui-vty0 4] authentication-mode scheme
# Set the user privilege level to 3.
[RouterB-ui-vty0 4] user privilege level 3
# Enable the user interfaces to support SSH.
[RouterB-ui-vty0 4] protocol inbound ssh
[RouterB-ui-vty0 4] quit
# Create local user client001.
[RouterB] local-user client001
[RouterB-luser-client001] password simple aabbcc
[RouterB-luser-client001] service-type ssh
[RouterB-luser-client001] quit
# Set the SSH authentication method to password and service type to SFTP.
[RouterB] ssh user client001 service type to SFTP authentication-type password
If you set the SSH authentication method to publickey, you need to configure the
host public key of Router A. For the specific configuration, refer to
Publickey Authentication" on page
# Enable the SFTP server.
SFTP client
Eth1 /1
192 .168 .0 .2/24
Router A
1942.
"When Using