H3C S5830V2 Security Configuration Manual page 186
Hide thumbs
Also See for S5830V2:
- Configuration manual (318 pages) ,
- Command reference manual (301 pages) ,
- Installation manual (63 pages)
Table of Contents
Advertisement
When an SFTP client accesses an SFTP server, it uses the locally saved host public key of the server to
authenticate the server. When acting as an SFTP client, the device supports the first authentication by
default. When the device accesses an SFTP server for the first time but it is not configured with the host
public key of the SFTP server, it can access the server and locally save the server's host public key for
future use. In a secure network, the first authentication can simplify the configuration on the SFTP client,
but it is not reliable.
To establish a connection to an SFTP server:
Task
Command
•
Establish a
•
connection to an
SFTP server.
Establish a connection to an IPv4 SFTP server:
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance
vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer- compress zlib | prefer-ctos-cipher { 3des |
aes128 | aes256 | des } | prefer-ctos-hmac { md5 |
md5-96 | sha1 | sha1-96 } | prefer-kex
{ dh-group-exchange | dh-group1 | dh-group14 } |
prefer-stoc-cipher { 3des | aes128 | aes256 | des } |
prefer-stoc-hmac { md5 | md5-96 | sha1 |
sha1-96 } ] * [ publickey keyname | source { interface
interface-type interface-number | ip ip-addres} ] *
In FIPS mode:
sftp server [ port-number ] [ vpn-instance
vpn-instance-name ] [ identity-key rsa |
prefer-compress zlib | prefer-ctos-cipher { aes128 |
aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } |
prefer-kex dh-group14 | prefer-stoc-cipher { aes128
| aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] *
[ publickey keyname | source { interface
interface-type interface-number | ip ip-address } ] *
Establish a connection to an IPv6 SFTP server:
In non-FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key { dsa | rsa } | prefer-
compress zlib | prefer-ctos-cipher { 3des | aes128 |
aes256 | des } | prefer-ctos-hmac { md5 | md5-96 |
sha1 | sha1-96 } | prefer-kex { dh-group-exchange |
dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des
| aes128 | aes256 | des } | prefer-stoc-hmac { md5
| md5-96 | sha1 | sha1-96 } ] * [ publickey keyname
| source { interface interface-type interface-number |
ipv6 ipv6-addres} ] *
In FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key rsa |
prefer-compress zlib | prefer-ctos-cipher { aes128 |
aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } |
prefer-kex dh-group14 | prefer-stoc-cipher { aes128
| aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] *
[ publickey keyname | source { interface
interface-type interface-number | ipv6 ipv6-addres} ]
*
172
Remarks
Use one of the commands.
Available in user view.
Advertisement
Table of Contents
Troubleshooting
