H3C S7500 Series Operating instructions

Brand: H3C

Model: S7500 Series

Type: Operating instructions

The H3C S7500 Series, your newly acquired Ethernet switch, stands out with its robust security features and extensive connectivity options. You'll appreciate its secure shell (SSH) functionality, enabling encrypted communication and strong authentication to safeguard your network. Additionally, SSH terminal service empowers you with remote access and management capabilities, enhancing your network's efficiency and flexibility.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 SSH Terminal Service Configuration.........................................................................1-1

1.1 SSH Terminal Services......................................................................................................1-1

1.1.1 Introduction to SSH.................................................................................................1-1

1.1.2 Configuring an SSH Server.....................................................................................1-2

1.1.3 Configuring an SSH Client...................................................................................... 1-7

1.1.4 Displaying SSH Configuration.................................................................................1-8

1.1.5 SSH Server Configuration Example........................................................................ 1-9

1.1.6 SSH Client Configuration Example.......................................................................1-11

1.2 SFTP Service...................................................................................................................1-13

1.2.1 SFTP Overview.....................................................................................................1-13

1.2.2 SFTP Server Configuration...................................................................................1-13

1.2.3 SFTP Client Configuration ....................................................................................1-14

1.2.4 SFTP Configuration Example................................................................................1-17

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-1

Chapter 1 SSH Terminal Service Configuration

1.1 SSH Terminal Services

This section covers these topics:

z Introduction to SSH

z Configuring an SSH Server

z Configuring an SSH Client

z Displaying SSH Configuration

z SSH Server Configuration Example

z SSH Client Configuration Example

1.1.1 Introduction to SSH

Secure shell (SSH) can provide information security and powerful authentication to

prevent such assaults as IP address spoofing, plain-text password interception when

users log on to the Switch remotely in an insecure network environment.

As an SSH server, a switch can connect to multiple SSH clients; as an SSH client, a

switch can establish SSH connections with switches or UNIX hosts that support SSH

server.

Currently, the S7500 series switches support SSH2.0 (compatible with SSH1.5).

The communication process between the server and client includes the following five

stages:

1) Version negotiation stage. The following operations are completed at this stage:

z The client sends TCP connection requests to the server.

z When a TCP connection is established, both ends begin to negotiate the SSH

version.

z If they can work together in harmony, they enter the key algorithm negotiation

stage. Otherwise the server removes the TCP connection.

2) Key and algorithm negotiation stage. The following operations are completed at

this stage:

z The server and the client send key algorithm negotiation packets to each other,

which include the supported server-side public key algorithm list, encryption

algorithm list, MAC algorithm list, and compression algorithm list.

z Based on the received algorithm negotiation packets, the server and the client

figure out the algorithms to be used.

z The server and the client use the DH key exchange algorithm and parameters

such as the host key pair to generate the session key and session ID.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-2

Through the above steps, the server and the client get the same session key, which is

to be used to encrypt and decrypt data exchanged between the server and the client

later. The server and the client use session ID in the authentication stage.

3) Authentication stage

The client sends to the server an authentication request, which includes the username

and authentication method, and the server starts to authenticate the client.

SSH provides two authentication methods: password authentication and RSA

authentication.

For password authentication:

z The client encrypts the username and password, encapsulates them into a

password authentication request, and sends the request to the server.

z Upon receiving the request, the server decrypts the username and password,

compares them against those it maintains, and then informs the client of the

authentication result.

For RSA authentication:

z The client sends to the server an RSA authentication request containing its RSA

public key modulus.

z The server validates the modulus. If the modulus is invalid, the authentication fails;

otherwise, the server generates a 32-byte random number, converts it to a

multiple precision (MP) integer (MSB first), encrypts it using the RSA public key

from the client, and then sends a challenge to the client.

z Upon receiving the challenge, the client decrypts it with its private key and gets an

MP integer, creates an MD5 value using the MP integer and the session ID, and

then encrypts and sends the MD5 value to the server.

z After receiving the encrypted MD5 value, the server decrypts it to obtain the MD5

value and compares it with that locally calculated. If they match, the authentication

succeeds.

4) Session request stage. The client sends session request messages to the server

which processes the request messages.

5) Interactive session stage. Both ends exchange data till the session ends.

1.1.2 Configuring an SSH Server

The following table describes SSH server configuration tasks.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-3

Table 1-1 Configure SSH2.0 server

To do… Use the command… Remarks

Configure supported

protocols

protocol inbound

See Configuring

supported protocols

Generate a local RSA key pair

rsa local-key-pair create

Destroy a local RSA key pair

rsa local-key-pair destroy

See

Generating or

destroying RSA key

pairs

Create an SSH user

ssh user username

See

Creating an

SSH user

Specify a default

authentication type for SSH

users

ssh authentication-type

default

Configure authentication type

for SSH users

ssh user username

authentication-type

See

Configuring

authentication type

Set SSH authentication

timeout time

ssh server timeout

Set SSH authentication retry

times

ssh server

authentication-retries

Set the update interval for the

server key

ssh server rekey-interval

Specify the server to be

compatible with the

SSH1.x-supported client.

ssh server

compatible-ssh1x enable

See

Configuring

SSH attributes for

the server

Allocate public keys for SSH

users

ssh user username assign

rsa-key keyname

See Configuring

client public keys

I. Configuring supported protocols

Table 1-2 Configure supported protocols

To do... Use the command... Remarks

Enter system view

system-view

—

Enter one or multiple

user interface views

user-interface

[ type-keyword ] number

[ ending-number ]

Required

Set the login

authentication method

authentication-mode

scheme

[ command-authorization ]

Required

Configure the

protocols supported in

the user interface

view(s)

protocol inbound { all |ssh |

telnet }

Optional

By default, the system

supports both Telnet and

SSH.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-4

Caution:

z When SSH protocol is supported in the current user interface, to ensure a

successful login, you must use the authentication-mode scheme command to

configure the AAA authentication for login to the user interface.

z The protocol inbound ssh configuration fails if you configured the

authentication-mode password command or the authentication-mode none

command. When you configure SSH protocol successfully for the user interface,

then you cannot configure the authentication-mode password command or the

authentication-mode none command any more.

II. Generating or destroying RSA key pairs

This configuration task is used to generate or destroy the RSA key pairs on the server

end. Generating RSA key pairs on the server end is a prerequisite for SSH login. After

you execute this command, the system will prompt you to specify the key length in bits.

The length range is from 512 bits to 2048 bits, and defaults to 1024 bits. If there already

exist key pairs, the system will prompt you whether to replace the old ones.

 Note:

Server RSA key pairs (H3C_Server) is not used in SSH2.0; therefore, when the rsa

local-key-pair create command is executed, the system only prompts you the host

RSA key pair (H3C_Host) is generated, and does not inform you the information about

the server RSA key pair even if the server RSA key pair is generated in the background

for the purpose of SSH1.x compatibility. You can use the display rsa local-key-pair

public command to display the generated key pairs.

Table 1-3 Generate or destroy RSA key pairs

To do... Use the command... Remarks

Enter system view

system-view

—

Generate a local RSA key pair

rsa local-key-pair create

Required

Destroy a local RSA key pair

rsa local-key-pair destroy

Optional

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-5

 Note:

Configuration of the rsa local-key-pair create can survive a reboot. You only need to

configure it once.

III. Creating an SSH user

Table 1-4 Create an SSH user

To do... Use the command... Remarks

Enter system view

system-view

—

Create an SSH user

ssh user username

Required

For an SSH user created by using this command, if you do not specify an authentication

type by using the ssh user authentication-type command for this user, this SSH user

adopts the default authentication type.

IV. Configuring authentication type

An authentication type must be specified for new SSH users. Otherwise, they cannot

access the switch.

Table 1-5 Configure authentication type

To do... Use the command... Remarks

Enter system view

system-view

—

Specify a default

authentication type

for SSH users

ssh authentication-type

default { password | rsa

| password-publickey |

all }

Optional;

By default, the password

authentication type is

specified.

Configure

authentication type

for SSH users

ssh user username

authentication-type

{ password | rsa |

password-publickey |

all }

Optional;

By default, the system does

not specify available

authentication types for SSH

users, that is, they can not

access the switch

Note that:

z Use the ssh authentication-type default command to configure the default

authentication type for all users.

z Use the ssh user username authentication-type command to specify the

authentication type for a user.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-6

z When the two commands are configured simultaneously, and the authentication

types configured for the user (specified by username) are different from each other,

comply with the configuration of the ssh user username authentication-type

command.

Caution:

z If the RSA authentication type is specified, then the RSA public key of the client user

must be configured on the switch.

z For the password-publickey authentication type: SSH1 client users can access

the switch as long as they pass one of the two authentications. SSH2 client users

can access the switch only when they pass both the authentications.

z For the password authentication, the username argument should be consistent

with the effective user name defined in AAA; for the RSA authentication, the

username argument is the local SSH user name, so that there is no need to

configure a local user in AAA.

V. Configuring SSH attributes for the server

Configuring SSH authentication timeout time, retry times, server key update interval

and SSH compatible mode for the server can effectively assure security of SSH

connections by avoiding illegal actions such as malicious password guessing.

Table 1-6 Configure SSH attributes for the server

To do... Use the command... Remarks

Enter system view

system-view

—

Set SSH

authentication

timeout time

ssh server timeout

seconds

Optional

The authentication timeout time

defaults to 60 seconds.

Set SSH

authentication retry

times

ssh server

authentication-retries

times

Optional

The authentication retry times

defaults to 3.

Set server key update

interval

ssh server

rekey-interval hours

Optional

By default, the system does not

update server keys.

Set the SSH server to

be compatible with

SSH1.x clients

ssh server

compatible-ssh1x

enable

Optional

By default, the SSH server is

compatible with SSH1.x clients.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-7

VI. Configuring client public keys

You can configure RSA public keys for client users on the switch and specify RSA

private keys, which correspond to the public keys, on the client. The client public keys

are generated randomly by the SSH2.0 client software.

This operation is not necessary for password authentication type.

Table 1-7 Configure client public keys

To do... Use the command... Remarks

Enter system view

system-view

—

Enter public key view

rsa peer-public-key

key-name

Required

Enter public key code

view

public-key-code

begin

You can key in a blank space

between characters, since the

system can remove the blank

space automatically. You can

also press the <Enter> key and

then key in characters

continuously. But the public key

should be composed of

hexadecimal characters.

Return to public key

view from public key

code view

public-key-code end

The system saves public key

data when exiting from public key

code view

Return to system

view from public key

view

peer-public-key end —

Allocate public keys

to SSH users

ssh user username

assign rsa-key

keyname

Required

The keyname argument is the

name of an existing public key. If

the user already has a public key,

the new public key overrides the

old one.

1.1.3 Configuring an SSH Client

Follow these steps to configure an SSH client:

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-8

To do... Use the command... Remarks

Enter system view

system-view

—

Create the

connection between

an SSH client and

an SSH server

ssh2 { host-ip | host-name }

[ port-num ] [ prefer_kex

{ dh_group1 |

dh_exchange_group } |

prefer_ctos_cipher { des |

aes128 } | prefer_stoc_cipher

{ des | aes128 } |

prefer_ctos_hmac { sha1 |

sha1_96 | md5 | md5_96 } |

prefer_stoc_hmac { sha1 |

sha1_96 | md5 | md5_96 } ] *

Required

You can use this

command to enable the

connection between an

SSH client and an SSH

server, define the

preferential key exchange

algorithm, the preferential

encryption algorithm and

the preferential HMAC

algorithm between the

server and client.

Allocate a public key

to the server

ssh client server-ip assign

rsa-key keyname

Required

You can specify on the

client the public key for

the server to be

connected to guarantee

the client can be

connected to a reliable

server.

Configure the client

to run the first-time

authentication for

the server

ssh client first-time enable

Optional

By default, the client runs

the first-time

authentication.

 Note:

With the first-time authentication, if the SSH client does not have the public key of the

server which the SSH client accesses for the first time, the client continues to access

the server and save the public key of the server locally. Then at the next access, the

client can authenticate the server through the public key saved locally.

1.1.4 Displaying SSH Configuration

Use the display commands in any view to view the running status of SSH and verify the

configuration.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-9

Table 1-8 Display SSH configuration

To do... Use the command... Remarks

Display the public keys of the

host key pair and the server

key pair on the server

display rsa local-key-pair public

Display the public key of the

specified RSA key pair on the

client

display rsa peer-public-key [ brief

| name keyname ]

Display SSH status and

session information

display ssh server { status |

session }

Display SSH user information

display ssh user-information

[ username ]

Display the mappings

between host public keys and

SSH servers saved on a client

display ssh server-info

The display

commands

can be

executed in

any view.

1.1.5 SSH Server Configuration Example

I. Network requirements

As shown in Figure 1-1, the PC (SSH Client) runs the client software supporting

SSH2.0, establishes a local connection with the switch (SSH Server) and ensures the

security of data exchange.

II. Network diagram

SSH Server

SSH Client

Figure 1-1 Network diagram for SSH server configuration

III. Configuration procedure

1) Generate a local RSA key pair.

<H3C>system-view

[H3C] rsa local-key-pair create

 Note:

If the local RSA key pair has been generated in previous operations, skip this step here.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-10

2) Set authentication type.

Settings for the two authentication types are described respectively in the following

section:

z Password authentication

# Set AAA authentication on the user interfaces.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

# Set the user interfaces to support SSH.

[H3C-ui-vty0-4] protocol inbound ssh

# Configure the login protocol for the client001 user as SSH, specify commands of level

3, authentication type as password and the authentication password as abc.

[H3C] local-user client001

[H3C-luser-client001] password simple abc

[H3C-luser-client001] service-type ssh level 3

[H3C-luser-client001] quit

[H3C] ssh user client001 authentication-type password

 Note:

Select the default SSH authentication timeout time and authentication retry times. After

these settings, run the SSH2.0-supporting client software on other terminals connected

to the switch. These terminals can log in to the switch using user name client001 and

password abc.

z RSA public key authentication

# Set AAA authentication on the user interfaces.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

# Set the user interfaces to support SSH.

[H3C-ui-vty0-4] protocol inbound ssh

# Set the command level for the login users to 3.

[H3C-ui-vty0-4] user privilege level 3

[H3C-ui-vty0-4] quit

# Configure the login protocol for the client002 user as SSH and authentication type as

RSA public key.

[H3C] ssh user client002 authentication-type rsa

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-11

# Generate randomly RSA key pairs on the SSH2.0 client and send the corresponding

public keys to the server.

# Configure client public keys on the server, with their name as H3C002.

[H3C] rsa peer-public-key H3C002

[H3C-rsa-public-key] public-key-code begin

[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

[H3C] ssh user client002 assign rsa-key H3C002

# Start the SSH client software on the host which stores the RSA private keys and

perform corresponding configurations to establish an SSH connection.

1.1.6 SSH Client Configuration Example

I. Network requirements

As shown in Figure 1-2:

z Switch A serves as an SSH client with user name being client003.

z Switch B serves as an SSH server, with its IP address being 10.165.87.136.

z The SSH client authenticates the SSH server to ensure that the server end is

legal.

II. Network diagram

Switch B

SSH Server

IP address: 10.165.87.136/24

Switch A

SSH Client

Figure 1-2 Network diagram for SSH client configuration

III. Configuration procedure

The following configurations are performed on Switch B.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-12

 Note:

The SSH client does not authenticate the SSH server for the first time access. It is

necessary to configure on the SSH client the RAS host public key of the SSH server.

1) Configure the client not to perform first-time authentication to the SSH server.

<H3C> system-view

[H3C] undo ssh client first-time

2) Configure server public keys on the client.

[H3C] rsa peer-public-key public

[H3C-rsa-public-key] public-key-code begin

[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

[H3C] ssh client 10.165.87.136 assign rsa-key public

3) Start SSH client

Settings for the two authentication types are described respectively in the following

section:

z Adopt the password authentication and start the client using the default encryption

algorithm.

[H3C] ssh2 10.165.87.136

username: client003

Trying 10.165.87.136 ...

Press CTRL+K to abort

Connected to 10.165.87.136 ...

Enter password:

**************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

**************************************************************************

<H3C>

z Adopt the RSA public key authentication and start the client using the defined

encryption algorithm.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-13

[H3C] ssh2 10.165.87.136 perfer_kex dh_group1 perfer_ctos_cipher des

perfer_ctos_hmac md5 perfer_stoc_hmac md5

username: client003

Trying 10.165.87.136...

Press CTRL+K to abort

Connected to 10.165.87.136...

**************************************************************************

* Without the owner's prior written consent, *

* no decompiling or reverse-engineering shall be allowed. *

**************************************************************************

<H3C>

1.2 SFTP Service

1.2.1 SFTP Overview

Secure FTP (SFTP) is a new feature introduced in SSH2.0.

SFTP is established on SSH connections to secure remote users’ login to the switch,

file management, and file transfer (such as upgrade the system), thus providing much

securer data transfer. An SFTP client enables you to securely log onto another remote

device to transfer files.

1.2.2 SFTP Server Configuration

The following sections describe SFTP server configuration tasks:

z Configuring service type for an SSH user

z Enabling the SFTP server

I. Configuring service type for an SSH user

Table 1-9 Configure service type for an SSH user

To do... Use the command... Remarks

Enter system view

system-view

—

Configure service type for

an SSH user

ssh user username

service-type { stelnet |

sftp | all }

Required

By default, the available

service type is stelnet.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-14

 Note:

For SFTP login users, it is necessary to set their service type to sftp or all.

II. Enabling the SFTP server

Table 1-10 Enable the SFTP server

To do... Use the command... Remarks

Enter system view

system-view

—

Enable the SFTP server

sftp server enable

Required

By default, the SFTP

server is not enabled.

1.2.3 SFTP Client Configuration

The following sections describe SFTP client configuration tasks:

Table 1-11 Configure SFTP client

To do...

Command

Key word

View Remarks

Enable the SFTP client

sftp

System view Required

bye

exit

Disable the SFTP client

quit

SFTP client

view

Optional

Change the current

directory

Return to the

upper-level directory

cdup

Display the current

directory

pwd

dir

Display the list of the

files in a directory

Create a new directory

mkdir

SFTP

directory

-related

operations

Delete a directory

rmdir

SFTP client

view

Optional

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-15

To do...

Command

Key word

View Remarks

Rename a file on the

SFTP server

rename

Download a file from

the remote SFTP

server

get

Upload a local file to

the remote SFTP

server

put

dir

Display the list of the

files in a directory

delete

SFTP

file-related

operations

Delete a file from the

SFTP server

remove

SFTP client

view

Optional

Get help information about SFTP

client commands

help

SFTP client

view

Optional

I. Enabling the SFTP client

You can enable the SFTP client, establish a connection to the remote SFTP server and

enter STP client view.

Table 1-12 Enable the SFTP client

To do... Use the command... Remarks

Enter system view

system-view

—

Enable the SFTP

client

sftp { host-ip | host-name } [ port-num ]

[ prefer_kex { dh_group1 |

dh_exchange_group } |

prefer_ctos_cipher { des | aes128 } |

prefer_stoc_cipher { des | aes128 } |

prefer_ctos_hmac { sha1 | sha1_96 | md5

| md5_96 } | prefer_stoc_hmac { sha1 |

sha1_96 | md5 | md5_96 } ] *

Required

II. Disabling the SFTP client

Table 1-13 Disable the SFTP client

To do... Use the command... Remarks

Enter system view

system-view

—

Enter SFTP client view

sftp { host-ip |

host-name }

—

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-16

To do... Use the command... Remarks

bye

exit

Disable the SFTP client

quit

The three commands

have the same function.

III. Operating with SFTP directories

SFTP directory-related operations include: changing or displaying the current directory,

creating or deleting a directory, and displaying files or information of a specific directory.

Table 1-14 Operate with SFTP directories

To do... Use the command... Remarks

Enter system view

system-view

Enter SFTP client view

sftp { host-ip |

host-name }

Change the current

directory

cd [ remote-path ]

Return to the upper-level

directory

cdup

Display the current

directory

pwd

Optional

dir [ -a | -l ] [ remote-path ]

Display the list of the files

in a directory

ls [ -a | -l ] [ remote-path ]

Optional

The dir and ls commands

have the same function.

Create a directory on the

SFTP server

mkdir remote-path

Delete a directory from

the SFTP server

rmdir

remote-path&<1-10>

Optional

IV. Operating with SFTP files

SFTP file-related operations include: changing file name, downloading files, uploading

files, displaying the list of the files, and deleting files.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-17

Table 1-15 Operate with SFTP files

To do... Use the command... Remarks

Enter system view

system-view

Enter SFTP client view

sftp { host-ip |

host-name }

Change the name of a file

on the remote SFTP

server

rename old-name

new-name

Download a file from the

remote SFTP server

get remote-file [ local-file ]

Upload a file to the remote

SFTP server

put local-file [ remote-file ]

Optional

dir [ -a | -l ] [ remote-path ]

Display the list of files in a

directory

ls [ -a | -l ] [ remote-path ]

Optional

The dir and ls commands

have the same function.

delete

remote-file&<1-10>

Delete a file from the

SFTP server

remove

remote-file&<1-10>

Optional

The delete and remove

commands have the

same function.

V. Displaying help information

You can display help information about a command, such as syntax and parameters.

Table 1-16 Display help information about SFTP client commands

To do... Use the command... Remarks

Enter system view

system-view

—

Enter SFTP client view sftp { host-ip | host-name }

—

Display help information about

SFTP client commands

help [ all | command-name ] Optional

1.2.4 SFTP Configuration Example

I. Network requirements

As shown in Figure 1-3:

z An SSH connection is present between Switch A and Switch B.

z Switch B serves as an SFTP server, with IP address being 10.111.27.91.

z Switch A serves as an SFTP client.

z An SSH user named abc with password being hello is created.

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-18

II. Network diagram

Switch B

SFTP Server

IP address: 10.111.27.91/24

Switch A

SFTP Client

Figure 1-3 Network diagram for SFTP configuration

III. Configuration procedure

1) Configure Switch B (SFTP server)

# Enable the SFTP server.

[H3C] sftp server enable

# Specify SFTP service for SSH user abc.

[H3C] ssh user abc service-type sftp

2) Configure Switch A (SFTP client)

# Establish a connection to the remote SFTP server and enter SFTP client view.

[H3C] sftp 10.111.27.91

# Display the current directory on the SFTP server, delete file z and verify the operation.

sftp-client> dir

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new

-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub

-rwxrwxrwx 1 noone nogroup 0 Sep 01 08:00 z

sftp-client> delete z

The following File will be deleted:

flash:/z

Are you sure to delete it?(Y/N):y

This operation may take a long time. Please wait...

File successfully Removed

sftp-client> dir

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new

-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub

# Create directory new1 and verify the operation.

sftp-client> mkdir new1

Operation Manual – SSH Terminal Service

H3C S7500 Series Ethernet Switches Chapter 1

SSH Terminal Service Configuration

1-19

New directory created

sftp-client> dir

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new

-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub

drwxrwxrwx 1 noone nogroup 0 Sep 02 06:30 new1

# Change the name of directory new1 to new2 and verify the operation.

sftp-client> rename new1 new2

File successfully renamed

sftp-client> dir

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new

-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub

drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2

# Download the file named pubkey2 and rename it to public.

sftp-client> get pubkey2 public

Remote file:flash:/pubkey2 ---> Local file: public..

Downloading file successfully ended

# Upload the file named pu to the SFTP server and rename it to puk. Verify the

operations.

sftp-client> put pu puk

Local file: pu ---> Remote file: flash:/puk

Uploading file successfully ended

sftp-client> dir

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2

-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1

drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new

drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2

-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pub

-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk

sftp-client>

# Exit from SFTP.

sftp-client> quit

Bye

[H3C]

H3C S7500 Series Operating instructions

H3C S7500 Series Operating instructions

H3C S7500 Series Operating instructions

Related papers

Other documents