Password authentication enabled SFTP server configuration example

Network requirements

As shown in Figure 101:

Figure 101: Network diagram

Configuration procedure

  • Configure the SFTP server:

  • # Generate RSA key pairs.

    <Switch> system-view
    [Switch] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [Switch] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Generate an ECDSA key pair.

    [Switch] public-key local create ecdsa secp256r1
    Generating Keys... 
    

    # Enable the SSH server function.

    [Switch] ssh server enable
    

    # Enable the SFTP server.

    [Switch] sftp server enable
    

    # Configure an IP address for VLAN-interface 2. The client uses this address as the destination address for SSH connection.

    [Switch] interface vlan-interface 2
    [Switch-Vlan-interface2] ip address 192.168.1.45 255.255.255.0
    [Switch-Vlan-interface2] quit
    

    # Set the authentication mode to AAA for the user interfaces.

    [Switch] user-interface vty 0 15
    [Switch-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interface to support SSH.

    [Switch-ui-vty0-15] protocol inbound ssh
    [Switch-ui-vty0-15] quit
    

    # Configure a local user client002. Specify the password as aabbcc and service type as ssh for the user.

    [Switch] local-user client002
    [Switch-luser-client002] password simple aabbcc
    [Switch-luser-client002] service-type ssh
    [Switch-luser-client002] quit
    

    # Create an SSH user client002. Specify the authentication method as password and service type as sftp for the user.

    [Switch] ssh user client002 service-type sftp authentication-type password
    
  • Establish a connection between the SFTP client and the SFTP server:

  • The device supports a variety of SFTP client software. The following uses PSFTP of PuTTy version 0.58 as an example.


    [NOTE: ]

    NOTE:

    PSFTP supports only password authentication.


    To establish a connection to the SFTP server:

    1. Run the psftp.exe to launch the client interface as shown in Figure 102, and enter the following command:

      open 192.168.1.45
      
    2. Enter username client002 and password aabbcc as prompted to log in to the SFTP server.

    Figure 102: SFTP client interface