SFTP server configuration example

Unless otherwise noted, devices in the configuration example are operating in non-FIPS mode.

Network requirements

As shown in Figure 90, an SSH connection is required between the host and the switch. The host, an SFTP client, needs to log in to the switch for file management and file transfer. Use password authentication and configure the username client002 and the password aabbcc for the client on the switch.

Figure 90: Network diagram

Configuration procedure

  • Configure the SFTP server:

    # Generate RSA key pairs.

    <Switch> system-view
    [Switch] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [Switch] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Enable the SSH server.

    [Switch] ssh server enable
    

    # Enable the SFTP server.

    [Switch] sftp server enable
    

    # Configure an IP address for VLAN-interface 1, which the client will use as the destination for the SSH connection.

    [Switch] interface vlan-interface 1
    [Switch-Vlan-interface1] ip address 192.168.1.45 255.255.255.0
    [Switch-Vlan-interface1] quit
    

    # Set the authentication mode of the user interfaces to AAA.

    [Switch] user-interface vty 0 15
    [Switch-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interfaces to support SSH.

    [Switch-ui-vty0-15] protocol inbound ssh
    [Switch-ui-vty0-15] quit
    

    # Configure a local user named client002 with the password aabbcc and the service type SSH.

    [Switch] local-user client002
    [Switch-luser-client002] password simple aabbcc
    [Switch-luser-client002] service-type ssh
    [Switch-luser-client002] quit
    

    # Configure the user authentication method as password and service type as SFTP.

    [Switch] ssh user client002 service-type sftp authentication-type password
    
  • Establish a connection between the SFTP client and the SFTP server:

    The switch supports a variety of SFTP client software. The following example uses PSFTP of PuTTY Version 0.58.


    NOTE:

    PSFTP supports only password authentication.


    To establish a connection to the remote SFTP server:

    1. Run psftp.exe to launch the client interface as shown in Figure 91, and enter the following command:

      open 192.168.1.45
      
    2. Enter username client002 and password aabbcc as prompted to log in to the SFTP server.

    Figure 91: SFTP client interface
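
The server-side settings from the configuration procedure can be reviewed afterwards in a saved configuration. The following Python script is an added example, not part of the original guide or any vendor tooling; the configuration layout in SAMPLE_CONFIG is constructed from the commands in this procedure, and the names parse_sections and audit are hypothetical.

```python
import re

# Constructed sample: this procedure's commands laid out as a saved configuration.
# Assumed layout: settings indented one space, "#" between sections.
SAMPLE_CONFIG = """\
 ssh server enable
 sftp server enable
#
local-user client002
 password simple aabbcc
 service-type ssh
#
user-interface vty 0 15
 authentication-mode scheme
 protocol inbound ssh
#
 ssh user client002 service-type sftp authentication-type password
"""

def parse_sections(text):
    """Group indented lines under their section header; "" holds global lines."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        if raw.startswith("#"):                      # separator: back to global scope
            current = ""
        elif raw[:1].isspace() and raw.strip():      # setting inside the current scope
            sections[current].append(raw.strip())
        elif raw.strip():                            # new section header
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return review findings for the settings this procedure configures."""
    sections, findings = parse_sections(text), []
    for name, lines in sections.items():
        if name.startswith("local-user ") and any(l.startswith("password simple ") for l in lines):
            findings.append(f"{name.split()[1]}: password entered with 'password simple'")
        if name.startswith("user-interface vty"):
            if "authentication-mode scheme" not in lines:
                findings.append(f"{name}: authentication-mode is not scheme (AAA)")
            if [l for l in lines if l.startswith("protocol inbound ")] != ["protocol inbound ssh"]:
                findings.append(f"{name}: inbound protocol is not restricted to ssh")
    for line in sections[""]:
        if m := re.match(r"ssh user (\S+) service-type \S+ authentication-type password$", line):
            findings.append(f"{m.group(1)}: SSH login relies on password authentication only")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE_CONFIG)))
```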