Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

2-6

Figure 2-1 Network diagram for SFTP client configuration (on a switch)

Configuration procedure

1) Configure the SFTP server (Switch B)

# Generate RSA and DSA key pairs and enable the SSH server.

<SwitchB> system-view

[SwitchB] public-key local create rsa

[SwitchB] public-key local create dsa

[SwitchB] ssh server enable

# Enable the SFTP server.

[SwitchB] sftp server enable

# Configure an IP address for VLAN interface 1, which the SSH client uses as the destination for SSH

connection.

[SwitchB] interface vlan-interface 1

[SwitchB-Vlan-interface1] ip address 192.168.0.1 255.255.255.0

[SwitchB-Vlan-interface1] quit

# Set the authentication mode on the user interfaces to AAA.

[SwitchB] user-interface vty 0 4

[SwitchB-ui-vty0-4] authentication-mode scheme

# Set the protocol that a remote user uses to log in as SSH.

[SwitchB-ui-vty0-4] protocol inbound ssh

[SwitchB-ui-vty0-4] quit

Before performing the following tasks, you must generate use the client software to generate RSA key

pairs on the client, save the host public key in a file named pubkey, and then upload the file to the SSH

server through FTP or TFTP. For details, refer to

Configure the SFTP client (Switch A)

below.

# Import the peer public key from the file pubkey.

[SwitchB] public-key peer Switch001 import sshkey pubkey

# For user client001, set the service type as SFTP, authentication type as publickey, public key as

Switch001, and working folder as flash:/

[SwitchB] ssh user client001 service-type sftp authentication-type publickey assign

publickey Switch001 work-directory flash:/

2) Configure the SFTP client (Switch A)