Configuration procedure

  • Configure the SCP server:

  • <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++
    ++++++++++++++
    +++++
    ++++++++
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key size is (512 ~ 2048).
    NOTES: If the key modulus is greater than 512,
    It will take a few minutes.
    Press CTRL+C to abort.
    Input the bits of the modulus[default = 1024]:
    Generating Keys...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    +++++++++++++++++++++++++++++++++++
    

    # Generate an ECDSA key pair.

    [SwitchB] public-key local create ecdsa secp256r1
    Generating Keys... 
    

    # Enable the SSH server function.

    [SwitchB] ssh server enable
    

    # Configure an IP address for VLAN-interface 2. The client uses this address as the destination address for SCP connection.

    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
    [SwitchB-Vlan-interface2] quit
    

    # Set the authentication mode to AAA for the user interfaces.

    [SwitchB] user-interface vty 0 15
    [SwitchB-ui-vty0-15] authentication-mode scheme
    

    # Enable the user interface to support SSH.

    [SwitchB-ui-vty0-15] protocol inbound ssh
    [SwitchB-ui-vty0-15] quit
    

    # Create a local user client001. Specify the password as aabbcc and service type as ssh for the user.

    [SwitchB] local-user client001
    [SwitchB-luser-client001] password simple aabbcc
    [SwitchB-luser-client001] service-type ssh
    [SwitchB-luser-client001] quit
    

    # Create an SSH user client001. Specify the service type as scp and authentication method as password for the user.

    [SwitchB] ssh user client001 service-type scp authentication-type password
    
  • Configure an IP address for VLAN-interface 2 on the SCP client.

  • <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.0.2 255.255.255.0
    [SwitchA-Vlan-interface2] quit
    [SwitchA] quit
    
  • Connect to the SCP server, download the file remote.bin from the server, and save it locally with the name local.bin.

  • <SwitchA> scp 192.168.0.1 get remote.bin local.bin
    Username: client001
    Trying 192.168.0.1 ...
    Press CTRL+K to abort
    Connected to 192.168.0.1 ...
    
    The Server is not authenticated. Continue? [Y/N]:y
    Do you want to save the server public key? [Y/N]:n
    Enter password:
    18471 bytes transfered in 0.001 seconds.