Password authentication enabled SFTP server configuration example
Network requirements
As shown in Figure 101:
You can log in to the switch through the SFTP client that runs on the host.
The switch acts as the SFTP server and uses password authentication.
The username and password of the client are saved on the switch.
Figure 101: Network diagram
Configuration procedure
Configure the SFTP server:
# Generate RSA key pairs.
<Switch> system-view [Switch] public-key local create rsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++++++ ++++++++++++++ +++++ ++++++++
# Generate a DSA key pair.
[Switch] public-key local create dsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Press CTRL+C to abort. Input the bits of the modulus[default = 1024]: Generating Keys... ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++
# Generate an ECDSA key pair.
[Switch] public-key local create ecdsa secp256r1 Generating Keys...
# Enable the SSH server function.
[Switch] ssh server enable
# Enable the SFTP server.
[Switch] sftp server enable
# Configure an IP address for VLAN-interface 2. The client uses this address as the destination address for SSH connection.
[Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.1.45 255.255.255.0 [Switch-Vlan-interface2] quit
# Set the authentication mode to AAA for the user interfaces.
[Switch] user-interface vty 0 15 [Switch-ui-vty0-15] authentication-mode scheme
# Enable the user interface to support SSH.
[Switch-ui-vty0-15] protocol inbound ssh [Switch-ui-vty0-15] quit
# Configure a local user client002. Specify the password as aabbcc and service type as ssh for the user.
[Switch] local-user client002 [Switch-luser-client002] password simple aabbcc [Switch-luser-client002] service-type ssh [Switch-luser-client002] quit
# Create an SSH user client002. Specify the authentication method as password and service type as sftp for the user.
[Switch] ssh user client002 service-type sftp authentication-type password
Establish a connection between the SFTP client and the SFTP server:
The device supports a variety of SFTP client software. The following uses PSFTP of PuTTy version 0.58 as an example.
NOTE: PSFTP supports only password authentication. | ||
To establish a connection to the SFTP server:
Run the psftp.exe to launch the client interface as shown in Figure 102, and enter the following command:
open 192.168.1.45
Enter username client002 and password aabbcc as prompted to log in to the SFTP server.
Figure 102: SFTP client interface