HP FlexNetwork MSR Series Command Reference Manual page 649
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Syntax
In non-FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key { dsa | ecdsa | rsa } | prefer-compress zlib | prefer-ctos-cipher
{ 3des-cbc | aes128-cbc | aes256-cbc | des-cbc } | prefer-ctos-hmac { md5 | md5-96 | sha1 |
sha1-96 } | prefer-kex { dh-group-exchange-sha1 | dh-group1-sha1 | dh-group14-sha1 } |
prefer-stoc-cipher { 3des-cbc | aes128-cbc | aes256-cbc | des-cbc } | prefer-stoc-hmac { md5 |
md5-96 | sha1 | sha1-96 } ] * [ dscp dscp-value | public-key keyname | source { interface
interface-type interface-number | ipv6 ipv6-address } ] *
In FIPS mode:
sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type
interface-number ] [ identity-key { ecdsa | rsa } | prefer-compress zlib | prefer-ctos-cipher
{ aes128-cbc | aes256-cbc } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14-sha1
| prefer-stoc-cipher { aes128-cbc | aes256-cbc } | prefer-stoc-hmac { sha1 | sha1-96 } ] *
[ public-key keyname | source { interface interface-type interface-number | ipv6 ipv6-address } ] *
Views
User view
Predefined user roles
network-admin
Parameters
server: Specifies a server by its IPv6 address or host name, a case-insensitive string of 1 to 253
characters.
port-number: Specifies the port number of the server, in the range of 1 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the server belongs.
The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters.
-i interface-type interface-number: Specifies an output interface by its type and number for IPv6
SFTP packets. This option is used only when the server uses a link-local address to provide the
SFTP service for the client. The specified output interface on the SFTP client must have a link-local
address.
identity-key: Specifies a public key algorithm for the client. The default is dsa in non-FIPS mode and
is rsa in FIPS mode. If the server uses publickey authentication, you must specify this keyword. The
client generates the digital signature by using the local private key that is associated with the
specified algorithm.
•
dsa: Specifies the public key algorithm dsa.
•
ecdsa: Specifies the public key algorithm ecdsa.
•
rsa: Specifies the public key algorithm rsa.
prefer-compress: Specifies the preferred compression algorithm between the server and the client.
By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
prefer-ctos-cipher: Specifies the preferred client-to-server encryption algorithm. The default is
aes128-cbc. Supported algorithms are des-cbc, 3des-cbc, aes128-cbc, and aes256-cbc, in
ascending order of security strength and computation time.
•
3des-cbc: Specifies the encryption algorithm 3des-cbc.
•
des-cbc: Specifies the encryption algorithm des-cbc.
•
aes128-cbc: Specifies the encryption algorithm aes128-cbc.
•
aes256-cbc: Specifies the encryption algorithm aes256-cbc.
631
Advertisement
