HPE MSR1000 - Page 279

To Next Page

To Previous Page

173

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key rsa |

prefer-compress zlib | prefer-ctos-cipher { aes128 | aes256 } | prefer-ctos-hmac { sha1 |

sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac

{ sha1 | sha1-96 } ] * [ publickey keyname | source { interface interface-type interface-number | ip

ip-address } ] *

New syntax

In non-FIPS mode:

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | ecdsa | rsa |

{ x509v3-ecdsa-sha2-nistp384 | x509v3-ecdsa-sha2-nistp256 } pki-domain domain-name } |

prefer-compress zlib | prefer-ctos-cipher { 3des-cbc | aes128-cbc | aes256-cbc | des-cbc |

aes128-ctr | aes192-ctr | aes256-ctr | aes128-gcm | aes256-gcm } | prefer-ctos-hmac { md5 |

md5-96 | sha1 | sha1-96 | sha2-256 | sha2-512 } | prefer-kex { dh-group-exchange-sha1 |

dh-group1-sha1 | dh-group14-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 } |

prefer-stoc-cipher { 3des-cbc | aes128-cbc | aes256-cbc | des-cbc | aes128-ctr | aes192-ctr |

aes256-ctr | aes128-gcm | aes256-gcm } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 |

sha2-256 | sha2-512 } ] * [ dscp dscp-value | { public-key keyname | server-pki-domain

domain-name } | source { interface interface-type interface-number | ip ip-address } ] *

In FIPS mode:

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { ecdsa | rsa |

{ x509v3-ecdsa-sha2-nistp384 | x509v3-ecdsa-sha2-nistp256 } pki-domain domain-name } |

prefer-compress zlib | prefer-ctos-cipher { aes128-cbc | aes256-cbc | aes128-ctr | aes192-ctr |

aes256-ctr | aes128-gcm | aes256-gcm } | prefer-ctos-hmac { sha1 | sha1-96 | sha2-256 |

sha2-512 } | prefer-kex { dh-group14-sha1 | ecdh-sha2-nistp256 | ecdh-sha2-nistp384 } |

prefer-stoc-cipher { aes128-cbc | aes256-cbc | aes128-ctr | aes192-ctr | aes256-ctr |

aes128-gcm | aes256-gcm } | prefer-stoc-hmac { sha1 | sha1-96 | sha2-256 | sha2-512 } ] *

[ { public-key keyname | server-pki-domain domain-name } | source { interface interface-type

interface-number | ip ip-address } ] *

Views

User view

Change description

The following keywords were added:

•

Keywords for specifying PKI domains used in certificate verification:

 pki-domain domain-name: Specifies the PKI domain of the client's certificate. When the

public key algorithm is x509v3 (x509v3-ecdsa-sha2-nistp256 or

x509v3-ecdsa-sha2-nistp384), you must specify this option for the client to get the correct

local certificate.

 server-pki-domain domain-name: Specifies the PKI domain for verifying the server's

certificate. The domain-name argument represents the PKI domain name, a

case-insensitive string of 1 to 31 characters. If you do not specify the server's PKI domain,

the client uses the PKI domain of its own certificate to verify the server's certificate.

Related product manuals