Generating Local Key Pairs; Establishing A Connection To An Scp Server - HPE FlexNetwork 7500 Series Security Configuration Manual


Tasks at a glance
(Required.)
server

Generating local key pairs

Generate local key pairs on the SCP client when the SCP server uses the authentication method
publickey, password-publickey, or any.
Configuration restrictions and guidelines
When you generate local key pairs on an SCP client, follow these restrictions and guidelines:
• Local DSA, ECDSA, and RSA key pairs for SSH use default names. You cannot assign names to the key pairs.
• The SCP client operating in FIPS mode supports only ECDSA and RSA key pairs.
• The key modulus length must be less than 2048 bits when you generate a DSA key pair.
Configuration procedure
To generate local key pairs on the SCP client:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Generate local key pairs.
    Command: public-key local create { dsa | ecdsa { secp256r1 | secp384r1 } | rsa }
    Remarks: By default, no local key pairs exist on an SCP client.

Establishing a connection to an SCP server

When you try to access an SCP server, the device must use the server's host public key to
authenticate the server. If the server's host public key is not configured on the device, the device will
notify you to confirm whether to continue with the access.
• If you choose to continue, the device accesses the server and downloads the server's host public key.
• If you choose to not continue, the connection cannot be established.
As a best practice, configure the server's host public key on the device in an insecure network.
The client cannot establish connections to both IPv4 and IPv6 SCP servers.
To establish a connection to an IPv4 SCP server:
Task: Connect to an IPv4 SCP server, and transfer files with the server.
    Command: In non-FIPS mode:
    scp server [ port-number ] [ vpn-instance vpn-instance-name ] { put | get } source-file-name [ destination-file-name ] [ identity-key { dsa | ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | rsa | { x509v3-ecdsa-sha2-nistp384 | x509v3-ecdsa-sha2-nistp256 } pki-domain domain-name } | prefer-compress zlib | prefer-ctos-cipher { 3des-cbc | aes128-cbc | aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr | aes256-gcm | des-cbc } | prefer-ctos-hmac { md5 | md5-96 |
    Remarks: Available in user view.
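
The host key decision described in this section, modeled in Python as an added example (it is not HPE code and not taken from the manual). The OpenSSH-style SHA256 fingerprint, the mismatch branch, the function names and the sample keys are assumptions for illustration; the model shows that a key accepted at the prompt is learned unverified, while a preconfigured key is checked against what the server presents.

```python
# Added example: model of the SCP client's server host key check.
# Fingerprint format, function names and sample keys are assumptions.
import base64
import hashlib
import struct


def fingerprint(key_blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw SSH public key blob."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(server, presented_blob, pinned, accept_unknown=False):
    """Decide what the client does with the host key a server presents.

    pinned maps server address -> fingerprint configured ahead of time.
    accept_unknown models answering "continue" at the confirmation prompt.
    """
    seen = fingerprint(presented_blob)
    expected = pinned.get(server)
    if expected is None:
        if not accept_unknown:
            return "refused: key not configured, user declined"
        pinned[server] = seen  # learned from the network, never verified
        return "connected: key downloaded on first use (unverified)"
    if expected != seen:
        return "refused: presented key does not match configured key"
    return "connected: key matches configured key"


def blob(algo: bytes, material: bytes) -> bytes:
    """Build a constructed key blob: SSH string(algo) + SSH string(material)."""
    return b"".join(struct.pack(">I", len(p)) + p for p in (algo, material))


# Constructed sample keys; the material is filler, not real key data.
REAL = blob(b"ecdsa-sha2-nistp256", b"\x01" * 65)
ROGUE = blob(b"ecdsa-sha2-nistp256", b"\x02" * 65)

if __name__ == "__main__":
    server = "192.0.2.10"  # documentation address
    preconfigured = {server: fingerprint(REAL)}
    print(check_host_key(server, ROGUE, preconfigured))  # mismatch is caught
    learned = {}
    print(check_host_key(server, ROGUE, learned, accept_unknown=True))
    print(check_host_key(server, REAL, learned))  # genuine key now rejected
```

With the key preconfigured, the substituted key is rejected; with an empty store and "continue" chosen, whatever key arrives first becomes the trusted one.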
