Table of Contents
Advertisement
-rwxrwxrwx
sftp>
# Exit SFTP client view.
sftp> quit
<SwitchA>
SFTP configuration example based on 192-bit Suite B
algorithms
Network requirements
As shown in
•
Switch A acts as an SFTP client (SSH2).
•
Switch B acts as the SFTP server (SSH2), and it uses publickey authentication.
•
Switch B uses the following algorithms for the algorithm negotiation with the SFTP client:
Key exchange algorithm ecdh-sha2-nistp384.
Encryption algorithm aes256-gcm.
Public key algorithm x509v3-ecdsa-sha2-nistp384.
Configure Switch A to establish an SFTP connection to Switch B based on the 192-bit Suite B
algorithms. After the connection is established, you can log in to Switch B to manage and transfer
files.
Figure 110 Network diagram
Configuration procedure
1.
Generate the client's certificate and the server's certificate. (Details not shown.)
You must first configure the certificates of the server and the client because they are required
for identity authentication between the two parties.
In this example, the server's certificate file is ssh-server-ecdsa384.p12 and the client's
certificate file is ssh-client-ecdsa384.p12.
2.
Configure the SFTP client:
NOTE:
You can modify the pkix version of the client software OpenSSH to support Suite B. This example
uses an HPE switch as an SFTP client.
# Upload the server's certificate file ssh-server-ecdsa384.p12 and the client's certificate file
ssh-client-ecdsa384.p12 to the SFTP client through FTP or TFTP. (Details not shown.)
# Create a PKI domain named server384 for verifying the server's certificate and enter its view.
<SwitchA> system-view
[SwitchA] pki domain server384
# Disable CRL checking.
[SwitchA-pki-domain-server384] undo crl check enable
[SwitchA-pki-domain-server384] quit
# Import the local certificate file ssh-server-ecdsa384.p12 to the PKI domain server384.
1 noone
nogroup
Figure
110:
283 Sep 02 06:36 puk
370
Advertisement
Table of Contents
Troubleshooting
