Establishing A Connection To An Sftp Server - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Step
1.
Enter system view.
2.
Specify the source
address for SFTP
packets.
Establishing a connection to an SFTP server
When you try to access an SFTP server, the device must use the server's host public key to
authenticate the server. If the server's host public key is not configured on the device, the device will
notify you to confirm whether to continue with the access.
•
If you choose to continue, the device accesses the server and downloads the server's host
public key.
•
If you choose to not continue, the connection cannot be established.
As a best practice, configure the server's host public key on the device in an insecure network.
After the connection is established, you are in SFTP client view of the server and can perform file or
directory operations.
The client cannot establish connections to both IPv4 and IPv6 SFTP servers.
To establish a connection to an IPv4 SFTP server:
Task
Establish a
connection to an
IPv4 SFTP
server.
Command
system-view
•
Specify the source IPv4 address
for SFTP packets:
sftp client source { ip ip-address
| interface interface-type
interface-number }
•
Specify the source IPv6 address
for SFTP packets:
sftp client ipv6 source { ipv6
ipv6-address | interface
interface-type interface-number }
Command
•
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance
vpn-instance-name ] [ identity-key { dsa |
ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | rsa |
{ x509v3-ecdsa-sha2-nistp384 |
x509v3-ecdsa-sha2-nistp256 } pki-domain
domain-name } } | prefer-compress zlib |
prefer-ctos-cipher { 3des-cbc | aes128-cbc |
aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc
| aes256-ctr | aes256-gcm | des-cbc } |
prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 |
sha2-256 | sha2-512 } | prefer-kex
{ dh-group-exchange-sha1 | dh-group1-sha1 |
dh-group14-sha1 | ecdh-sha2-nistp256 |
ecdh-sha2-nistp384 } | prefer-stoc-cipher
{ 3des-cbc | aes128-cbc | aes128-ctr | aes128-gcm
| aes192-ctr | aes256-cbc | aes256-ctr |
aes256-gcm | des-cbc } | prefer-stoc-hmac { md5 |
md5-96 | sha1 | sha1-96 | sha2-256 | sha2-512 } ] *
[ dscp dscp-value | { public-key keyname |
server-pki-domain domain-name } | source
{ interface interface-type interface-number | ip
ip-addres} ] *
•
In FIPS mode:
322
Remarks
N/A
By default, the source IP address
for SFTP packets is not
configured. For IPv4 SFTP
packets, the device uses the
primary IPv4 address of the
output interface specified in the
routing entry as the source
address of the packets. For IPv6
SFTP packets, the device
automatically selects an IPv6
address as the source address of
the packets in compliance with
RFC 3484.
Remarks
Available in user view.
Advertisement
Table of Contents
Troubleshooting
