SCP configuration example
Unless otherwise noted, devices in the configuration examples operate in non-FIPS mode.
When you configure SCP on a device that operates in FIPS mode, follow these restrictions and
guidelines:
•
The modulus length of the key pair must be 2048 bits.
•
When the device acts as an SCP server, only RSA key pairs are supported. Do not generate a
DSA key pair on the SCP server.
Network requirements
As shown in
•
Router B uses the password authentication method.
•
The client's username and password are saved on Router B.
Establish an SCP connection between Router A and Router B, so you can log in to Router B to
transfer files.
Figure 130 Network diagram
Configuration procedure
1.
Configure the SCP server:
# Generate RSA key pairs.
<RouterB> system-view
[RouterB] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[RouterB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
Figure
130:
428