Sftp Configuration Example - H3C S3100 Series Operation Manual

If you specify to authenticate a client through public key on the server, the client needs to read the local
private key when logging in to the SFTP server. Since both RSA and DSA are available for public key
authentication, you need to use the identity-key key word to specify the algorithms to get correct local
private key; otherwise you will fail to log in. For details, see SSH Operation Manual.

SFTP Configuration Example

Network requirements
As shown in Figure
server (switch B). Log in to switch B through switch A to manage and transmit files. An SFTP user with
the user name "client001" and password "abc" exists on the SFTP server.
Network diagram
Figure 1-6 Network diagram for SFTP configuration
Configuration procedure
1) Configure the SFTP server (switch B)
# Create key pairs.
<Sysname> system-view
[Sysname] public-key local create rsa
[Sysname] public-key local create dsa
# Create a VLAN interface on the switch and assign to it an IP address, which is used as the destination
address for the client to connect to the SFTP server.
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[Sysname-Vlan-interface1] quit
# Specify the SSH authentication mode as AAA.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
# Configure the protocol through which the remote user logs in to the switch as SSH.
[Sysname-ui-vty0-4] protocol inbound ssh
[Sysname-ui-vty0-4] quit
# Create a local user client001.
[Sysname] local-user client001
[Sysname-luser-client001] password simple abc
[Sysname-luser-client001] service-type ssh
[Sysname-luser-client001] quit
1-6, establish an SSH connection between the SFTP client (switch A) and the SFTP
1-14