When you configure SCP on a device that operates in FIPS mode, follow these guidelines:
• The modulus length of the key pair must be 2048 bits.
• When the device acts as the SCP server, only RSA key pairs are supported. Do not generate a DSA key pair on the SCP server.
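The two FIPS-mode guidelines above can be checked against the host key an SCP server presents. The following Python check is an added example, not part of the original guide or the device software. It assumes the server's public key is available as an OpenSSH-style line (type, base64 blob, comment); the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

def _read_string(blob, off):
    """Read one RFC 4253 length-prefixed field; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def check_fips_host_key(line):
    """Return (compliant, reason) for one '<type> <base64> [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    algo, off = _read_string(blob, 0)
    if algo.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type label does not match the blob")
    if algo != b"ssh-rsa":
        return False, f"{parts[0]}: only RSA key pairs are supported on the server"
    _e, off = _read_string(blob, off)        # public exponent (not checked)
    n_bytes, off = _read_string(blob, off)   # modulus as a big-endian mpint
    bits = int.from_bytes(n_bytes, "big").bit_length()
    if bits != 2048:
        return False, f"ssh-rsa: modulus is {bits} bits, must be 2048"
    return True, "ssh-rsa: 2048-bit modulus"

def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_key_line(algo, *ints):
    """Build a constructed key line for the demo; these are not usable keys."""
    body = struct.pack(">I", len(algo)) + algo.encode()
    body += b"".join(_mpint(i) for i in ints)
    return f"{algo} {base64.b64encode(body).decode()} constructed-sample"

# Constructed sample inputs: numbers of the right size, not real key material.
RSA_2048 = make_key_line("ssh-rsa", 65537, (1 << 2047) | 1)
RSA_1024 = make_key_line("ssh-rsa", 65537, (1 << 1023) | 1)
DSA_1024 = make_key_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)

if __name__ == "__main__":
    for sample in (RSA_2048, RSA_1024, DSA_1024):
        print(check_fips_host_key(sample))
```

A 1024-bit RSA key, which is the default modulus length offered by the key generation prompt, is reported as non-compliant by this check.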
Network requirements
As shown in Figure 47:
• Switch B acts as the SCP server and uses password authentication.
• The client's username and password are saved on Switch B.
Establish an SCP connection between Switch A and Switch B, so you can log in to Switch B to execute file transfer operations.
Figure 47 Network diagram
Configuration procedure
1. Configure the SCP server:
# Generate RSA key pairs.
<SwitchB> system-view
[SwitchB] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[SwitchB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+.
Create the key pair successfully.
# Enable the SCP server.