Example: Configuring SCP with password authentication

Network configuration

As shown in Figure 143:

Figure 143: Network diagram

Procedure

  1. Configure the SCP server:

    # Generate RSA key pairs.

    <SwitchB> system-view
    [SwitchB] public-key local create rsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    ........................++++++
    ...................++++++
    ..++++++++
    ............++++++++
    Create the key pair successfully.
    

    # Generate a DSA key pair.

    [SwitchB] public-key local create dsa
    The range of public key modulus is (512 ~ 2048).
    If the key modulus is greater than 512, it will take a few minutes.
    Press CTRL+C to abort.
    Input the modulus length [default = 1024]:
    Generating Keys...
    .++++++++++++++++++++++++++++++++++++++++++++++++++*
    ........+......+.....+......................................+
    ...+.................+..........+...+.
    Create the key pair successfully.
    

    # Generate an ECDSA key pair.

    [SwitchB] public-key local create ecdsa secp256r1
    Generating Keys...
    .
    Create the key pair successfully.
    

    # Enable the SCP server.

    [SwitchB] scp server enable
    

    # Configure an IP address for VLAN-interface 2. The client uses this address as the destination for the SCP connection.

    [SwitchB] interface vlan-interface 2
    [SwitchB-Vlan-interface2] ip address 192.168.0.1 255.255.255.0
    [SwitchB-Vlan-interface2] quit
    

    # Create a local device management user named client001.

    [SwitchB] local-user client001 class manage
    

    # Set the password to aabbcc in plain text for local user client001.

    [SwitchB-luser-manage-client001] password simple aabbcc
    

    # Authorize local user client001 to use the SSH service.

    [SwitchB-luser-manage-client001] service-type ssh
    

    # Assign the network-admin user role to local user client001.

    [SwitchB-luser-manage-client001] authorization-attribute user-role network-admin
    [SwitchB-luser-manage-client001] quit
    

    # Create an SSH user named client001. Specify the service type as scp and the authentication method as password for the user.

    [SwitchB] ssh user client001 service-type scp authentication-type password
    
  2. Configure an IP address for VLAN-interface 2 on the SCP client.

    <SwitchA> system-view
    [SwitchA] interface vlan-interface 2
    [SwitchA-Vlan-interface2] ip address 192.168.0.2 255.255.255.0
    [SwitchA-Vlan-interface2] quit
    [SwitchA] quit
    
  3. Connect to the SCP server, download file remote.bin from the server, and save it as a local file named local.bin.

    <SwitchA> scp 192.168.0.1 get remote.bin local.bin
    Username: client001
    Press CTRL+C to abort.
    Connecting to 192.168.0.1 port 22.
    The server is not authenticated. Continue? [Y/N]:y
    Do you want to save the server public key? [Y/N]:n
    client001@192.168.0.1's password:
    remote.bin                                       100% 2875     2.8KB/s   00:00
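
The procedure above accepts the default 1024-bit modulus for the RSA and DSA keys, enters a six-character password in cleartext, and continues past the "server is not authenticated" prompt without saving the server public key. The following added example (not part of the original guide or of any vendor tooling) scans a captured CLI session for those choices so they can be caught in review. The `audit` function, the rule names, and the `MIN_MODULUS` and `MIN_PASSWORD` thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample: commands and prompts copied from the procedure above.
SAMPLE = """\
[SwitchB] public-key local create rsa
Input the modulus length [default = 1024]:
[SwitchB] public-key local create dsa
Input the modulus length [default = 1024]:
[SwitchB] public-key local create ecdsa secp256r1
[SwitchB-luser-manage-client001] password simple aabbcc
<SwitchA> scp 192.168.0.1 get remote.bin local.bin
The server is not authenticated. Continue? [Y/N]:y
Do you want to save the server public key? [Y/N]:n
"""

MIN_MODULUS = 2048  # assumed policy floor for RSA/DSA modulus length
MIN_PASSWORD = 12   # assumed policy floor for password length

MODULUS = re.compile(r"Input the modulus length \[default = (\d+)\]:\s*(\d*)")
PASSWORD = re.compile(r"\bpassword simple (\S+)")

def audit(transcript):
    """Return (line_number, rule_id, detail) tuples for risky lines."""
    findings, key_type = [], None
    for n, line in enumerate(transcript.splitlines(), 1):
        m = re.search(r"public-key local create (\w+)", line)
        if m:
            key_type = m.group(1).lower()  # remember which key the next prompt is for
        m = MODULUS.search(line)
        if m and key_type in ("rsa", "dsa"):
            bits = int(m.group(2) or m.group(1))  # empty answer takes the default
            if bits < MIN_MODULUS:
                findings.append((n, "weak-modulus", f"{key_type} {bits} bits"))
        m = PASSWORD.search(line)
        if m:
            detail = "cleartext in session log"
            if len(m.group(1)) < MIN_PASSWORD:
                detail += f", {len(m.group(1))} chars"
            findings.append((n, "plaintext-password", detail))
        if re.search(r"server is not authenticated\. Continue\? \[Y/N\]:\s*y", line, re.I):
            findings.append((n, "unverified-host-key", "accepted without fingerprint check"))
        if re.search(r"save the server public key\? \[Y/N\]:\s*n", line, re.I):
            findings.append((n, "host-key-not-saved", "server key not pinned for later sessions"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Each finding carries the transcript line number, so it can be traced back to the step that produced it.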