Using Secure Copy And Sftp - HP ProCurve 6120G/XG Configuration Manual

File Transfers
Downloading Switch Software

Using Secure Copy and SFTP

For some situations you may want to use a secure method to issue commands
or copy files to the switch. By opening a secure, encrypted SSH session and
enabling ip ssh file transfer, you can then use a third-party software application
to take advantage of Secure Copy (SCP) and Secure ftp (SFTP). SCP and SFTP
provide a secure alternative to TFTP for transferring information that may be
sensitive (like switch configuration files) to and from the switch. Essentially
you are creating a secure SSH tunnel as a way to transfer files with SFTP and
SCP channels.
To use these commands you must install on the administrator workstation a
third-party application software client that supports the SFTP and/or SCP
functions. Some examples of software that supports SFTP and SCP are
PuTTY, Open SSH, WinSCP, and SSH Secure Shell. Most of these are freeware
and may be downloaded without cost or licensing from the internet. There are
differences in the way these clients work, so be sure you also download the
documentation.
As described earlier in this chapter you can use a TFTP client on the admin­
istrator workstation to update software images. This is a plain text mechanism
and it connects to a standalone TFTP server or another ProCurve switch
acting as a TFTP server to obtain the software image file(s). Using SCP and
SFTP allows you to maintain your switches with greater security. You can also
roll out new software images with automated scripts that make it easier to
upgrade multiple switches simultaneously and securely.
SFTP (secure file transfer protocol) is unrelated to FTP, although there are
some functional similarities. Once you set up an SFTP session through an SSH
tunnel, some of the commands are the same as FTP commands. Certain
commands are not allowed by the SFTP server on the switch, such as those
that create files or folders. If you try to issue commands such as create or
remove using SFTP the switch server returns an error message.
You can use SFTP just as you would TFTP to transfer files to and from the
switch, but with SFTP your file transfers are encrypted and require authenti­
cation, so they are more secure than they would be using TFTP. SFTP works
only with SSH version 2 (SSH v2).
N o t e
SFTP over SSH version 1 (SSH v1) is not supported. A request from either the
client or the switch (or both) using SSH v1 generates an error message. The
actual text of the error message differs, depending on the client software in
use. Some examples are:
A-12