Password authentication enabled SFTP server configuration example
Network requirements
As shown in Figure 104:
You can log in to the switch through the SFTP client that runs on the host.
After login, you are assigned the user role network-admin to execute file management and transfer operations.
The switch acts as the SFTP server and uses password authentication.
The username and password of the client are saved on the switch.
Figure 104: Network diagram
Configuration procedure
Configure the SFTP server:
# Generate RSA key pairs.
<Switch> system-view
[Switch] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[Switch] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+
Create the key pair successfully.
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1
Generating Keys...
.
Create the key pair successfully.
# Enable the SFTP server.
[Switch] sftp server enable
# Assign an IP address to VLAN-interface 2. The SFTP client uses the address as the destination for SSH connection.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ip address 192.168.1.45 255.255.255.0
[Switch-Vlan-interface2] quit
# Create a local device management user client002. Specify the plaintext password as aabbcc and the service type as ssh for the user. Assign the user role network-admin and the working directory flash:/ to the user.
[Switch] local-user client002 class manage
[Switch-luser-manage-client002] password simple aabbcc
[Switch-luser-manage-client002] service-type ssh
[Switch-luser-manage-client002] authorization-attribute user-role network-admin work-directory flash:/
[Switch-luser-manage-client002] quit
# Create an SSH user client002. Specify the authentication method as password and the service type as sftp for the user.
[Switch] ssh user client002 service-type sftp authentication-type password
Establish a connection between the SFTP client and the SFTP server:
The device supports different types of SFTP client software. This example uses PSFTP from PuTTY version 0.58 as the SFTP client.
NOTE:
PSFTP supports only password authentication.
To establish a connection to the SFTP server:
Run psftp.exe to launch the client interface shown in Figure 105, and enter the following command:
open 192.168.1.45
Enter username client002 and password aabbcc as prompted to log in to the SFTP server.
Figure 105: SFTP client interface
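The following lint pass over the commands in this procedure is an added example, not part of the original configuration guide. It flags three settings a reviewer would question before reusing this configuration outside a lab: the short plaintext password, password-only SSH authentication, and the network-admin role on a user that only needs file transfer. The function names, finding labels and the MIN_PASSWORD_LEN threshold are assumptions.

```python
import re

# Commands copied from the configuration procedure on this page.
PAGE_CONFIG = """\
sftp server enable
local-user client002 class manage
 password simple aabbcc
 service-type ssh
 authorization-attribute user-role network-admin work-directory flash:/
 quit
ssh user client002 service-type sftp authentication-type password
"""
MIN_PASSWORD_LEN = 10  # assumed site policy value, not a device default


def parse(config):
    """Collect per-user settings from local-user views and ssh user lines."""
    users, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"local-user (\S+)", line):
            current = users.setdefault(m.group(1), {})
        elif line == "quit":
            current = None  # left the local-user view
        elif m := re.match(r"ssh user (\S+) service-type (\S+) authentication-type (\S+)", line):
            users.setdefault(m.group(1), {}).update(service=m.group(2), auth=m.group(3))
        elif current is not None:
            if m := re.match(r"password simple (\S+)", line):
                current["password"] = m.group(1)
            elif m := re.search(r"\buser-role (\S+)", line):
                current["role"] = m.group(1)
    return users


def audit(config):
    """Return sorted (user, finding) pairs for settings worth reviewing."""
    findings = []
    for name, u in parse(config).items():
        pw = u.get("password")
        if pw is not None and len(pw) < MIN_PASSWORD_LEN:
            findings.append((name, "short-password"))
        if u.get("auth") == "password":
            findings.append((name, "password-only-auth"))
        # Assumed policy: an SFTP-only account should not hold network-admin.
        if u.get("service") == "sftp" and u.get("role") == "network-admin":
            findings.append((name, "admin-role-for-file-transfer"))
    return sorted(findings)
```

Calling audit(PAGE_CONFIG) returns all three findings for client002.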