Task
Establish a
connection to an
IPv6 SFTP
server.
Deleting server public keys saved in the public key file on the
SFTP client
When the SFTP client switches to FIPS mode but the locally saved server public key does not
comply with FIPS, the client cannot connect to the server. To connect to the server, delete the server
public key saved on the client and make sure a FIPS-compliant public key has been generated on
the server.
To delete server public keys saved in the public key file on the SFTP client:
Step
1.
Enter system view.
Command
•
In non-FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key { dsa |
ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | rsa |
{ x509v3-ecdsa-sha2-nistp384 |
x509v3-ecdsa-sha2-nistp256 } pki-domain
domain-name } | prefer-compress zlib |
prefer-ctos-cipher { 3des-cbc | aes128-cbc |
aes128-ctr | aes128-gcm | aes192-ctr | aes256-cbc
| aes256-ctr | aes256-gcm | des-cbc } |
prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 |
sha2-256 | sha2-512 } | prefer-kex
{ dh-group-exchange-sha1 | dh-group1-sha1 |
dh-group14-sha1 | ecdh-sha2-nistp256 |
ecdh-sha2-nistp384 } | prefer-stoc-cipher
{ 3des-cbc | aes128-cbc | aes128-ctr | aes128-gcm
| aes192-ctr | aes256-cbc | aes256-ctr |
aes256-gcm | des-cbc } | prefer-stoc-hmac { md5 |
md5-96 | sha1 | sha1-96 | sha2-256 | sha2-512 } ] *
[ dscp dscp-value | { public-key keyname |
server-pki-domain domain-name } | source
{ interface interface-type interface-number | ipv6
ipv6-address } ] *
•
In FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance
vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key
{ ecdsa-sha2-nistp256 | ecdsa-sha2-nistp384 | rsa
| { x509v3-ecdsa-sha2-nistp384 |
x509v3-ecdsa-sha2-nistp256 } pki-domain
domain-name } | prefer-compress zlib |
prefer-ctos-cipher { aes128-cbc | aes128-ctr |
aes128-gcm | aes192-ctr | aes256-cbc | aes256-ctr
| aes256-gcm } | prefer-ctos-hmac { sha1 | sha1-96
| sha2-256 | sha2-512 } | prefer-kex
{ dh-group14-sha1 | ecdh-sha2-nistp256 |
ecdh-sha2-nistp384 } | prefer-stoc-cipher
{ aes128-cbc | aes128-ctr | aes128-gcm |
aes192-ctr | aes256-cbc | aes256-ctr |
aes256-gcm } | prefer-stoc-hmac { sha1 | sha1-96 |
sha2-256 | sha2-512 } ] * [ { public-key keyname |
server-pki-domain domain-name } | source
{ interface interface-type interface-number | ipv6
ipv6-address } ] *
Command
system-view
416
Remarks
Available in user view.