9-6
Configuration procedure
1) Configure the SFTP server (Switch B)
# Generate RSA and DSA key pairs and enable the SSH server.
<SwitchB> system-view
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
[SwitchB] ssh server enable
# Enable the SFTP server.
[SwitchB] sftp server enable
# Configure an IP address for VLAN interface 1, which the SSH client uses as the destination for SSH
connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface1] quit
# Set the authentication mode on the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
# Set the protocol that a remote user uses to log in as SSH.
[SwitchB-ui-vty0-4] protocol inbound ssh
[SwitchB-ui-vty0-4] quit
Before performing the following tasks, you must generate use the client software to generate RSA key
pairs on the client, save the host public key in a file named pubkey, and then upload the file to the
SSH server through FTP or TFTP. For details, refer to
Configure the SFTP client (Switch A) below.
# Import the peer public key from the file pubkey.
[SwitchB] public-key peer Switch001 import sshkey pubkey
# For user client001, set the service type as SFTP, authentication type as publickey, public key as
Switch001, and working folder as flash:/
[SwitchB] ssh user client001 service-type sftp authentication-type publickey assign publickey
Switch001 work-directory flash:/
2) Configure the SFTP client (Switch A)
# Configure an IP address for VLAN interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-Vlan-interface1] ip address 192.168.0.2 255.255.255.0
[SwitchA-Vlan-interface1] quit
# Generate RSA key pairs.
[SwitchA] public-key local create rsa
To Next Page
Loading...
