- H3C S7500 Series Command Manual(Release 3100 Series)-(V1.04)
Table of Contents
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.1 display rsa local-key-pair public
1.1.2 display rsa peer-public-key
1.1.4 display ssh user-information
1.1.9 rsa local-key-pair create
1.1.10 rsa local-key-pair destroy
1.1.12 ssh authentication-type default
1.1.13 ssh server authentication-retries
1.1.14 ssh server compatible-ssh1x enable
1.1.15 ssh server rekey-interval
1.1.18 ssh user assign rsa-key
1.1.19 ssh user authentication-type
1.2 SSH Client Configuration Commands
1.2.6 ssh client assign rsa-key
1.2.7 ssh client first-time enable
1.3 SFTP Server Configuration Commands
1.4 SFTP Client Configuration Commands
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.1 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameters
None
Description
Use the display rsa local-key-pair public command to display the public key of the host key pair (H3C_Host) and the public key of the server key pair (H3C_Server).
Related commands: rsa local-key-pair create.
Examples
# Display the public keys of the server key pair and host key pair on the server.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:51:29 2006/04/27
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
E4B60800 48C19975 3D912FCE 0BBEA711 3E4B94D0
E8E6A080 F4D5D2DA 4BCBAF07 B9F91198 FE9937C6
EE0C7AEE 1B8C06F0 8BF01F36 05CF26DB F789A2D8
23182ECB
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDktggASMGZdT2RL84LvqcRPkuU0OjmoID0
1dLaS8uvB7n5EZj+mTfG7gx67huMBvCL8B82Bc8m2/eJotgjGC7L
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDktggASMGZdT2RL84LvqcRPkuU0OjmoID01dLaS8uv
B7n5EZj+mTfG7gx67huMBvCL8B82Bc8m2/eJotgjGC7L rsa-key
=====================================================
Time of Key pair created: 16:51:55 2006/04/27
Key name: H3C_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
E1D3BAFE 5E646CF2 241602A1 2FF9AF7F 4AE5A7DE
02894012 1A733A4B 3ABA2F65 DB8CE292 644BB45C
2613F773 BC67C912 DCDACBF6 11DF66CA B48A9F0F
97886142 DB845B18 9C956B16 76D7C8BC 7E355894
CC2854F0 0D29376C 5F30F7A5 98A64CAD
0203
010001
1.1.2 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameters
brief: Displays brief information about all public keys on the client.
keyname: Name of the client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the client public key of the specified RSA key pair. If no key name is specified, the command displays the bit numbers and names of all public keys of the client.
Examples
# Display all public keys on the client.
<H3C> display rsa peer-public-key brief
Address Bits Name
---------------------------
1024 192.168.0.39
# Display the public key named abc of the client key pair.
<H3C> display rsa peer-public-key name abc
=====================================
Key name: abc
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
1.1.3 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameters
status: Displays SSH status information.
session: Displays SSH session information.
Description
Use the display ssh server command to display the status or session information about the SSH server.
Related commands: ssh server authentication-retries, ssh server timeout.
Examples
# Display the status information about the SSH server.
<H3C> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server: Enable
Caution:
- If you use the ssh server compatible-ssh1x enable command to make the server compatible with SSH1.x clients, the SSH version is displayed as 1.99.
- If you use the undo ssh server compatible-ssh1x enable command to make the server not compatible with SSH1.x clients, the SSH version is displayed as 2.0.
# Display the session information about the SSH server.
<H3C> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 AES started 0 stelnet kk
VTY 1 2.0 AES started 0 sFTP abc
Table 1-1 Description on the fields of the display ssh server session command
Field | Description |
---|---|
Conn | Number of VTY interface used for user login |
Ver | SSH version |
Encry | Encryption algorithm used by SSH. Encry is short for encryption. The encryption algorithms in common use are advanced encryption standard (AES), data encryption standard (DES), and triple DES (3DES). |
State | Current state |
Retry | Number of retries |
SerType | Type of service |
Username | User name |
1.1.4 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameters
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the current SSH users, including user name, authentication mode, corresponding public key name and authorized service types. If the username argument is specified, the command displays information about the specified user.
Examples
# Display the information about the current user.
<H3C> display ssh user-information
Username Authentication-type User-public-key-name Service-type
kk rsa test sftp
1.1.5 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameters
None
Description
Use the peer-public-key end command to return to system view from public key view.
Related commands: rsa peer-public-key, public-key-code begin.
Examples
# Exit from public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
1.1.6 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameters
all: Supports all protocols, including Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure the protocols supported in the current user interface.
By default, both SSH and Telnet are supported.
After you use this command with SSH enabled, SSH login is still unavailable until next login if no RSA key is configured locally.
Caution:
- Before configuring the user interface to support the SSH protocol, you must configure AAA authentication with the authentication-mode scheme command to ensure a successful login.
- The protocol inbound ssh configuration fails if you have enabled the authentication-mode password command or the authentication-mode none command. After you have configured the SSH protocol successfully for the user interface, you can no longer enable the authentication-mode password command or the authentication-mode none command.
Related commands: user-interface vty.
Examples
# Configure vty0 through vty4 to support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
1.1.7 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameters
None
Description
Use the public-key-code begin command to enter public key code view and input the client public key.
You can key in a blank space between characters (since the system can remove the blank space automatically), or press <Enter> to continue your input at the next line. But the client public key, which is generated randomly by the SSH2.0-supporting client software, should be a hexadecimal character string coded in the public key format.
Related commands: rsa peer-public-key, public-key-code end.
Examples
# Enter public key code view and input client public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.1.8 public-key-code end
Syntax
public-key-code end
View
Public key code view
Parameters
None
Description
Use the public-key-code end command to return from public key code view to public key view and save the public keys you input.
After you use this command to terminate the public key coding process, public key validity will be checked before the keys are saved.
- If the keys contain illegal characters, the system displays a prompt and discards the keys. The configuration fails.
- If the keys are valid, they are saved in the local public key list.
Related commands: rsa peer-public-key, public-key-code begin.
Examples
# Exit from public key code view and save the public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key kk
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
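A way to check a key code before it is pasted in public key code view, as an added Python example that is not part of the H3C manual. It assumes the key code is an ASN.1 SEQUENCE of two INTEGERs (modulus, exponent), a layout inferred from the sample outputs on this page rather than stated by the manual; the function names, the 2048-bit minimum and the 65537 exponent floor are assumptions chosen for the example.

```python
import base64

# Sample values copied from the command output shown on this page.
HOST_KEY_CODE = """
3047
0240
E4B60800 48C19975 3D912FCE 0BBEA711 3E4B94D0
E8E6A080 F4D5D2DA 4BCBAF07 B9F91198 FE9937C6
EE0C7AEE 1B8C06F0 8BF01F36 05CF26DB F789A2D8
23182ECB
0203
010001
"""
HOST_KEY_OPENSSH = (
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDktggASMGZdT2RL84LvqcRPkuU0OjmoID01dLaS8uv"
    "B7n5EZj+mTfG7gx67huMBvCL8B82Bc8m2/eJotgjGC7L rsa-key"
)
PEER_KEY_CODE = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


def clean_hex(text):
    """Drop whitespace (the switch ignores it too) and reject non-hex characters."""
    compact = "".join(text.split())
    bad = sorted(set(compact) - set("0123456789abcdefABCDEF"))
    if bad:
        raise ValueError("illegal characters in key code: " + "".join(bad))
    if len(compact) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(compact)


def read_tlv(buf, pos, want_tag):
    """Read one tag-length-value element at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 2 or pos + nbytes > len(buf):
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus, exponent) from a hex key code as displayed by the switch."""
    der = clean_hex(text)
    body, end = read_tlv(der, 0, 0x30)       # SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after the key")
    mod, pos = read_tlv(body, 0, 0x02)       # INTEGER modulus
    exp, pos = read_tlv(body, pos, 0x02)     # INTEGER public exponent
    if pos != len(body):
        raise ValueError("unexpected data after the exponent")
    # Read as unsigned: the H3C_Host sample has no leading 00 although its top bit is set.
    return int.from_bytes(mod, "big"), int.from_bytes(exp, "big")


def parse_openssh_rsa(line):
    """Return (modulus, exponent) from an OpenSSH 'ssh-rsa AAAA...' public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, pos = [], 0
    while pos < len(blob):                   # sequence of 4-byte length + data strings
        if pos + 4 > len(blob):
            raise ValueError("truncated length field")
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated field")
        parts.append(blob[pos:pos + size])
        pos += size
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("unexpected ssh-rsa blob layout")
    return int.from_bytes(parts[2], "big"), int.from_bytes(parts[1], "big")


def audit_key(n, e, min_bits=2048):
    """Return policy findings for a public key (thresholds are example assumptions)."""
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below the minimum of {min_bits}")
    if e % 2 == 0 or e < 65537:
        findings.append(f"public exponent {e} is even or below 65537")
    return findings


if __name__ == "__main__":
    for name, code in (("H3C_Host", HOST_KEY_CODE), ("abc", PEER_KEY_CODE)):
        n, e = parse_key_code(code)
        print(name, n.bit_length(), "bits, e =", e, audit_key(n, e))
    print("hex and OpenSSH forms agree:",
          parse_key_code(HOST_KEY_CODE) == parse_openssh_rsa(HOST_KEY_OPENSSH))
```

Comparing the parsed hex key code with the OpenSSH form of the same key confirms that the key entered on the switch is the one the client actually holds.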
1.1.9 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameters
None
Description
Use the rsa local-key-pair create command to generate RSA key pairs, including the host key pair and the server key pair.
Note that:
- After you execute this command, the system prompts you to specify the key length in bits. The length ranges from 512 bits to 2048 bits and defaults to 1024 bits. If key pairs already exist, the system asks whether to replace the old ones.
- The configuration made by the rsa local-key-pair create command survives a reboot. You only need to configure it once.
Note:
The server key pair (H3C_Server) is not used in SSH2.0. Therefore, when the rsa local-key-pair create command is executed, the system only reports that the host RSA key pair (H3C_Host) is generated and gives no information about the server key pair, even if the server key pair is generated in the background for SSH1.x compatibility. You can use the display rsa local-key-pair public command to display the generated key pairs.
Related commands: rsa local-key-pair destroy, display rsa local-key-pair public, ssh server compatible-ssh1x enable.
Examples
# Generate a local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The key name will be: H3C_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
....++++++++++++
........++++++++++++
..................++++++++
...............................................................................+
+++++++
..........
1.1.10 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameters
None
Description
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
Related commands: rsa local-key-pair create.
Examples
# Destroy all existing RSA key pairs at the server end.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% The name for the keys which will be destroyed is H3C_Host .
% Confirm to destroy these keys? [Y/N]:y
......................
1.1.11 rsa peer-public-key
Syntax
rsa peer-public-key key-name
undo rsa peer-public-key key-name
View
System view
Parameters
key-name: Client public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the undo rsa peer-public-key command to remove the configured client public key.
You can use the rsa peer-public-key command along with the public-key-code begin command to configure on the server the client public keys.
Related commands: public-key-code begin, public-key-code end.
Examples
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
# Remove the client public key named 192.168.0.39.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] undo rsa peer-public-key 192.168.0.39
% Do you really want to remove the public key named 192.168.0.39 ? [Y/N]:y
[H3C]
1.1.12 ssh authentication-type default
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameters
password: Specifies the authentication type as password authentication.
rsa: Specifies the authentication type as RSA public key authentication.
password-publickey: Specifies the authentication type as both password authentication and RSA public key authentication, that is, the user can pass the authentication only when both the password and RSA public key are correct.
all: Specifies the authentication type as password authentication or RSA public key authentication, that is, the user can pass the authentication if either the password or RSA public key is correct.
Description
Use the ssh authentication-type default command to specify a default authentication type for SSH users. After the command is configured, when an SSH user is added, if you do not use the ssh user authentication-type command to specify an authentication type for the user, the user needs to pass the default authentication type.
Use the undo ssh authentication-type default command to restore the default settings.
By default, the password authentication type is specified.
Related commands: ssh user authentication-type.
Examples
# Specify the default authentication type as password.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
1.1.13 ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameters
times: Authentication retry times. It is in the range of 1 to 5 and defaults to 3.
Description
Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default authentication retry times, which will take effect at next login.
Related commands: display ssh server.
Note:
If you have used the ssh user authentication-type command to configure the authentication type as password-publickey, you must set the authentication retry times to a number greater than or equal to 2, because one attempt is counted when a client sends a public key to the server.
Examples
# Set the authentication retry times to 4.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
1.1.14 ssh server compatible-ssh1x enable
Syntax
ssh server compatible-ssh1x enable
undo ssh server compatible-ssh1x
View
System view
Parameters
None
Description
Use the ssh server compatible-ssh1x enable command to make the server compatible with the SSH1.x-supporting client.
Use the undo ssh server compatible-ssh1x enable command to make the server not compatible with the SSH1.x-supporting client.
By default, the server is compatible with the SSH1.x-supporting client.
Examples
# Specify the server compatible with the SSH1.x-supporting client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server compatible-ssh1x enable
1.1.15 ssh server rekey-interval
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameters
hours: Update period of the server key, in hours, ranging from 1 to 24.
Description
Use the ssh server rekey-interval command to set the update interval for the server key.
Use the undo ssh server rekey-interval command to cancel the current configuration.
By default, the system does not update the server key.
Caution:
This command is only effective on users of SSH1.x clients.
Examples
# Set the update interval of the server key to 3 hours.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server rekey-interval 3
1.1.16 ssh server timeout
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameters
seconds: Authentication timeout time. It is in the range of 1 to 120 (seconds) and defaults to 60 seconds.
Description
Use the ssh server timeout command to set authentication timeout time for SSH connections.
Use the undo ssh server timeout command to restore the default timeout time. The default value takes effect at next login.
Related commands: display ssh server.
Examples
# Set the authentication timeout time to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
1.1.17 ssh user
Syntax
ssh user username
undo ssh user username
View
System view
Parameters
username: Valid SSH user name, a string of 1 to 80 characters.
Description
Use the ssh user command to create an SSH user.
Use the undo ssh user command to delete a specified SSH user.
For an SSH user created by using this command, if you do not specify an authentication type by using the ssh user authentication-type command for this user, this SSH user adopts the default authentication type.
Note:
An SSH user is created on an SSH server for the purpose of specifying the authentication type, the SSH service type, and the public key for the SSH user. An existing SSH user will be removed automatically if it has none of the authentication type, the SSH service type, and the public key configured.
Examples
# Create an SSH user with the name abc.
<H3C> system-view
Enter system view, return to user view with Ctrl+Z.
[H3C] ssh user abc
1.1.18 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameters
username: SSH user name, a string of 1 to 80 characters.
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
Use the undo ssh user assign rsa-key command to remove the association between the public keys and SSH users. The configuration takes effect at the next login.
If the user already has a public key, the new public key overrides the old one.
Related commands: display ssh user-information.
Examples
# Set the client public key for the kk user to key1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk assign rsa-key key1
1.1.19 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameters
username: Valid SSH user name, a string of 1 to 80 characters.
password: Specifies the authentication type as password.
rsa: Specifies the authentication type as RSA public key.
password-publickey: Specifies the authentication type as both password and RSA public key. That is, the user can pass the authentication only when both the password and RSA public key are correct.
Note:
For the password-publickey authentication type:
- Users of SSH1.x clients can access the switch as long as they pass one of the two authentication types.
- Users of SSH2.0 clients can access the switch only when they pass both authentication types.
all: Specifies the authentication type as either password or RSA public key. That is, the user can pass the authentication if either the password or the RSA public key is correct.
Description
Use the ssh user authentication-type command to define on the server the available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default settings where the users cannot access the switch.
Note:
This command defines available authentication type on the server. The actual authentication type, however, is determined by the user on the client.
By default, no authentication type is specified for new SSH users, so they cannot access the switch.
For new SSH users, the server must specify authentication types for them by using the ssh user authentication-type command. Otherwise, they cannot access the switch. The new authentication type configured takes effect at the next login.
Related commands: display ssh user-information.
Examples
# Set the authentication type for the kk user as password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk authentication-type password
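How the password-publickey note above interacts with the SSH1.x compatibility default (1.1.14) and the retry-count note (1.1.13), as an added Python example that is not part of the H3C manual. It replays a constructed list of system-view commands using only syntax from this page; the function names and finding labels are assumptions, and resolving a user without an explicit type to the default type follows 1.1.12 and 1.1.17.

```python
AUTH_TYPES = {"password", "rsa", "password-publickey", "all"}

# Constructed sample: commands an administrator might enter in system view.
SAMPLE = [
    "ssh authentication-type default password-publickey",
    "ssh user kk authentication-type password-publickey",
    "ssh user kk assign rsa-key key1",
    "ssh user abc authentication-type rsa",
    "ssh user ops service-type sftp",
    "ssh server authentication-retries 1",
]
HARDENING = [
    "undo ssh server compatible-ssh1x",
    "ssh server authentication-retries 3",
]


def effective_ssh_auth(commands):
    """Replay commands in order; return (ssh1_compat, retries, {user: auth type})."""
    ssh1_compat = True          # 1.1.14: SSH1.x compatibility is enabled by default
    retries = 3                 # 1.1.13: retry times default to 3
    default_type = "password"   # 1.1.12: default authentication type is password
    explicit = {}               # username -> explicitly configured type, or None
    for raw in commands:
        words = raw.split()
        undo = words[:1] == ["undo"]
        if undo:
            words = words[1:]
        if words[:3] == ["ssh", "server", "compatible-ssh1x"]:
            ssh1_compat = not undo
        elif words[:3] == ["ssh", "server", "authentication-retries"]:
            retries = 3 if undo else int(words[3])
            if not 1 <= retries <= 5:
                raise ValueError(f"retry times out of range: {raw!r}")
        elif words[:3] == ["ssh", "authentication-type", "default"]:
            if undo:
                default_type = "password"
            elif len(words) == 4 and words[3] in AUTH_TYPES:
                default_type = words[3]
            else:
                raise ValueError(f"bad authentication type: {raw!r}")
        elif words[:2] == ["ssh", "user"] and len(words) >= 3:
            name = words[2]
            if len(words) == 3 and undo:
                explicit.pop(name, None)               # undo ssh user <name>
            elif words[3:4] == ["authentication-type"]:
                if undo:
                    explicit[name] = None
                elif len(words) == 5 and words[4] in AUTH_TYPES:
                    explicit[name] = words[4]
                else:
                    raise ValueError(f"bad authentication type: {raw!r}")
            else:
                explicit.setdefault(name, None)        # ssh user / assign / service-type
    # Assumption: users without an explicit type take the default type (1.1.12, 1.1.17).
    users = {name: (kind or default_type) for name, kind in explicit.items()}
    return ssh1_compat, retries, users


def audit_ssh_server(commands):
    """Return (user, finding) pairs for users configured as password-publickey."""
    ssh1_compat, retries, users = effective_ssh_auth(commands)
    findings = []
    for name in sorted(users):
        if users[name] != "password-publickey":
            continue
        if ssh1_compat:
            # Per the note above, SSH1.x clients pass with either factor alone.
            findings.append((name, "ssh1x-either-factor"))
        if retries < 2:
            # Per 1.1.13, sending the public key already counts as one attempt.
            findings.append((name, "retries-below-2"))
    return findings


if __name__ == "__main__":
    print("before:", audit_ssh_server(SAMPLE))
    print("after: ", audit_ssh_server(SAMPLE + HARDENING))
```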
1.2 SSH Client Configuration Commands
1.2.1 display ssh server-info
Syntax
display ssh server-info
View
Any view
Parameters
None
Description
Use the display ssh server-info command to display the association between the servers and the server public keys configured on the clients.
Examples
# Display the association between the servers and the server public keys on the clients.
<H3C> display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
1.2.2 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameters
None
Description
Use the public-key-code begin command to enter public key code view and set server public keys.
You can key in a blank space between characters (since the system can remove the blank space automatically), or press <Enter> to continue your input at the next line. But the public key, which is generated randomly after you use the rsa local-key-pair create command on the server, should be a hexadecimal character string coded in public key format.
Related commands: rsa peer-public-key, public-key-code end.
Examples
# Enter public key code view and set server public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.2.3 public-key-code end
Syntax
public-key-code end
View
Public key code view
Parameters
None
Description
Use the public-key-code end command to return from public key code view to public key view and save the public keys you set.
After you use this command to terminate the public key coding, public key validity will be checked before the keys are saved.
- If the keys contain illegal characters, the system displays a prompt and discards the keys. The configuration fails.
- If the keys are valid, they are saved in the local public key list.
Related commands: rsa peer-public-key, public-key-code begin.
Examples
# Exit from public key code view and save the public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.2.4 quit
Syntax
quit
View
User view
Parameters
None
Description
Use the quit command to terminate the connection to the remote SSH server.
Examples
# Terminate the connection to the remote SSH server.
<H3C> quit
1.2.5 rsa peer-public-key
Syntax
rsa peer-public-key key-name
undo rsa peer-public-key key-name
View
System view
Parameters
key-name: Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the undo rsa peer-public-key key-name command to remove the configured server public key.
You can use the rsa peer-public-key command and then the public-key-code begin command to enter public key code view and configure on the client the server public keys, which are generated randomly after you use the rsa local-key-pair create command.
Related commands: public-key-code begin, public-key-code end, rsa local-key-pair create.
Examples
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
1.2.6 ssh client assign rsa-key
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client { server-ip | server-name } assign rsa-key
View
System view
Parameters
server-ip: Server IP address.
server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to specify, on the client, the public key of the server to connect to, to ensure that the client connects to a reliable server.
Use the undo ssh client assign rsa-key command to remove the association between the public keys and servers.
Examples
# Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key abc
1.2.7 ssh client first-time enable
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameters
None
Description
Use the ssh client first-time enable command to configure the client to run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
Note:
In the initial authentication, if the SSH client does not have the public key of a server that it accesses for the first time, the client continues to access the server and saves the server's public key locally. At the next access, the client can authenticate the server with the locally saved public key.
When the initial authentication function is not available, the client does not access the server if it does not have the server's public key locally. In this case, you must first save the public key of the target server to the client in other ways.
By default, the client runs the initial authentication.
Examples
# Configure the client to run the initial authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
1.2.8 ssh2
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameters
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Preferential key exchange algorithm. Choose one of the two available algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Preferential encryption algorithm from the client to server. It defaults to AES128.
prefer_stoc_cipher: Preferential encryption algorithm from the server to client. It defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Preferential HMAC algorithm from the client to server. It defaults to SHA1_96.
prefer_stoc_hmac: Preferential HMAC algorithm from the server to client. It defaults to SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Note:
- Data encryption standard (DES) is the standard algorithm for data encryption.
- Advanced encryption standard (AES) is the advanced encryption standard algorithm.
Description
Use the ssh2 command to enable the connection between SSH client and server, define preferential key exchange algorithm, preferential encryption algorithm and preferential HMAC algorithm on the server and client.
Examples
# Log in to the remote SSH2.0 server with IP address 10.1.1.2 and adopt the default encryption algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.1.1.2
Username: 123
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The Server is not authenticated. Do you continue access it?(Y/N):y
Do you want to save the server's public key?(Y/N):n
Enter password:
**************************************************************************
* Copyright(c) 2004-2007 Hangzhou H3C Tech. Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
**************************************************************************
<H3C>
1.3 SFTP Server Configuration Commands
1.3.1 sftp server enable
Syntax
sftp server enable
undo sftp server
View
System view
Parameters
None
Description
Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
By default, the SFTP server is disabled.
Examples
# Enable the SFTP server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp server enable
1.3.2 ssh user service-type
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
View
System view
Parameters
username: Local user name or the user name defined on the remote RADIUS server, a string of 1 to 80 characters.
stelnet: Sets the service type to secure Telnet.
sftp: Sets the service type to SFTP.
all: Includes both secure Telnet service type and SFTP service type.
Description
Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to remove the service type specified for an SSH user.
The default service type for the SSH user is stelnet.
Related commands: display ssh user-information.
Examples
# Specify SFTP service for SSH user kk.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk service-type sftp
1.4 SFTP Client Configuration Commands
1.4.1 bye
Syntax
bye
View
SFTP Client view
Parameters
None
Description
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the exit and quit commands.
Examples
# Terminate the connection to the remote SFTP server.
sftp-client> bye
Bye
[H3C]
1.4.2 cd
Syntax
cd [ remote-path ]
View
SFTP Client view
Parameters
remote-path: Name of a path on the server.
Description
Use the cd command to change the current path on the remote SFTP server. If you do not specify the remote-path argument, the current path is displayed.
Note:
You can use the cd .. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is, flash:/).
Examples
# Change the current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
1.4.3 cdup
Syntax
cdup
View
SFTP client view
Parameters
None
Description
Use the cdup command to return the current path of the remote SFTP server to the upper level directory.
Examples
# Return the current path to the upper level directory.
sftp-client> cdup
Current Directory is:
flash:/
1.4.4 delete
Syntax
delete remote-file&<1-10>
View
SFTP client view
Parameters
remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by space.
Description
Use the delete command to remove the specified file from the remote SFTP server.
This command has the same function as the remove command.
Examples
# Remove file test.txt from the server.
sftp-client> delete test.txt
The followed File will be deleted:
flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time. Please wait...
File successfully Removed
1.4.5 dir
Syntax
dir [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameters
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folders of the specified directory.
remote-path: Name of the directory to be queried.
Description
Use the dir command to display file and folder information under a specified directory.
With neither the -a nor the -l keyword specified, the command displays detailed information of the files and folders under the specified directory in list form.
With the remote-path not specified, the command displays the file and folder information of the current working directory.
This command functions as the ls command.
Examples
# Display in a list form detailed file and folder information under the current working directory.
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.4.6 exit
Syntax
exit
View
SFTP client view
Parameters
None
Description
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
Examples
# Terminate the connection to the remote SFTP server.
sftp-client> exit
Bye
[H3C]
1.4.7 get
Syntax
get remote-file [ local-file ]
View
SFTP client view
Parameters
remote-file: Name of the source file on the remote SFTP server.
local-file: Name assigned to the file to be saved locally.
Description
Use the get command to download a file from a remote server and save the file locally.
If no local file name is specified, the name of the source file on the remote SFTP server is used by default.
Examples
# Download file tt.bak and save it with name tt.txt.
sftp-client>get tt.bak tt.txt....
Remote file: flash:/tt.bak ---> Local file: tt.txt..
Downloading file successfully ended
1.4.8 help
Syntax
help [ all | command-name ]
View
SFTP client view
Parameters
all: Displays a list of all commands.
command-name: Name of a command.
Description
Use the help command to get the help information about the specified or all SFTP client commands.
With neither the argument nor the keyword specified, the command displays a list of all commands.
Examples
# Display the help information about the get command.
sftp-client> help get
get remote-path [local-path] Download file.Default local-path is the same
with remote-path
1.4.9 ls
Syntax
ls [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameters
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folders of the specified directory.
remote-path: Name of the directory to be queried.
Description
Use the ls command to display file and folder information under a specified directory.
With neither the -a nor the -l keyword specified, the command displays detailed information of the files and folders under the specified directory in list form.
With the remote-path not specified, the command displays the file and folder information of the current working directory.
This command functions as the dir command.
Examples
# Display in a list form detailed file and folder information under the current working directory.
sftp-client> ls
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.4.10 mkdir
Syntax
mkdir remote-path
View
SFTP client view
Parameters
remote-path: Name of a directory on the remote SFTP server.
Description
Use the mkdir command to create a directory on the remote SFTP server.
Examples
# Create directory hj on the remote SFTP server.
sftp-client>mkdir hj
New directory created
1.4.11 put
Syntax
put local-file [ remote-file ]
View
SFTP client view
Parameters
local-file: Name of the local source file.
remote-file: Name assigned to the file to be saved on the remote SFTP server.
Description
Use the put command to upload a local file to the remote SFTP server.
If no name is specified for the file to be saved on the remote SFTP server, the name of the source file is used.
Examples
# Upload local file config.cfg to the remote SFTP server and save it with the name 1.txt.
sftp-client> put config.cfg 1.txt
Local file:config.cfg ---> Remote file: flash:/1.txt
Uploading file successfully ended
1.4.12 pwd
Syntax
pwd
View
SFTP client view
Parameters
None
Description
Use the pwd command to display the current directory on the remote SFTP server.
Examples
# Display the current directory on the remote SFTP server.
sftp-client> pwd
flash:/
1.4.13 quit
Syntax
quit
View
SFTP client view
Parameters
None
Description
Use the quit command to terminate the connection to the remote SFTP server and exit to system view.
This command has the same function as the bye and exit commands.
Examples
# Terminate the connection to the remote SFTP server.
sftp-client> quit
Bye
[H3C]
1.4.14 remove
Syntax
remove remote-file&<1-10>
View
SFTP client view
Parameters
remote-file&<1-10>: Name of a file on an SFTP server. &<1-10> means that you can provide up to 10 filenames, which are separated by space.
Description
Use the remove command to remove the specified file from the remote SFTP server.
This command has the same function as the delete command.
Examples
# Delete file temp.c from the server.
sftp-client> remove temp.c
The followed File will be deleted:
flash:/test2.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
1.4.15 rename
Syntax
rename oldname newname
View
SFTP client view
Parameters
oldname: Original file name or directory name.
newname: New file name or directory name.
Description
Use the rename command to change the name of a specified file or directory on an SFTP server.
Examples
# Change the name of file temp.bat on the SFTP server to temp.txt.
sftp-client> rename temp.bat temp.txt
File successfully renamed
1.4.16 rmdir
Syntax
rmdir remote-path&<1-10>
View
SFTP client view
Parameters
remote-path&<1-10>: Name of the directory on the remote SFTP server. &<1-10> means that you can provide up to 10 filenames that are separated by space.
Description
Use the rmdir command to remove the specified directory from the remote SFTP server.
Examples
# Remove directory hello from the remote SFTP server.
sftp-client>rmdir hello
The followed directory will be deleted
flash:/hello
Are you sure to remove it?(Y/N):y
Directory successfully removed
1.4.17 sftp
Syntax
sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameters
host-ip: IP address of the server.
host-name: Name of the server, a string of 1 to 20 characters.
port-num: Port number of the server, in the range 0 to 65,535. The default port number is 22.
prefer_kex: Specifies the preferential key exchange algorithm, which is one of the two algorithms available.
dh_group1: Specifies the Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key exchange algorithm.
dh_exchange_group: Specifies the Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Specifies the preferential encryption algorithm from client to server. It defaults to AES128.
prefer_stoc_cipher: Specifies the preferential encryption algorithm from server to client. It defaults to AES128.
des: Specifies the DES_cbc encryption algorithm.
aes128: Specifies the AES_128 encryption algorithm.
prefer_ctos_hmac: Specifies the preferential HMAC algorithm from client to server. It defaults to SHA1_96.
prefer_stoc_hmac: Specifies the preferential HMAC algorithm from server to client. It defaults to SHA1_96.
sha1: Specifies the HMAC-SHA1 algorithm.
sha1_96: Specifies the HMAC-SHA1_96 algorithm.
md5: Specifies the HMAC-MD5 algorithm.
md5_96: Specifies the HMAC-MD5-96 algorithm.
Description
Use the sftp command to establish a connection to the remote SFTP server and enter SFTP client view.
Examples
# Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default encryption algorithms.
[H3C]sftp 10.1.1.2
Input Username: kk
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The Server is not authenticated. Do you continue access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
Enter password:
sftp-client>
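The following Python sketch is an added example, not part of the H3C manual or software. It parses an sftp command line against the syntax and defaults listed in 1.4.17 and reports the algorithms that would actually be preferred, including defaults that apply when a keyword is omitted. The REPORT policy set, the sample lines, and the rule that a keyword may appear only once are assumptions.

```python
# Keywords and values from the sftp syntax in 1.4.17; defaults from its parameter list.
OPTIONS = {
    "prefer_kex": ("dh_group1", "dh_exchange_group"),
    "prefer_ctos_cipher": ("des", "aes128"),
    "prefer_stoc_cipher": ("des", "aes128"),
    "prefer_ctos_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
    "prefer_stoc_hmac": ("sha1", "sha1_96", "md5", "md5_96"),
}
DEFAULTS = {
    "prefer_kex": "dh_group1",
    "prefer_ctos_cipher": "aes128",
    "prefer_stoc_cipher": "aes128",
    "prefer_ctos_hmac": "sha1_96",
    "prefer_stoc_hmac": "sha1_96",
}
# Assumed site policy (not from the manual): values the audit should report.
REPORT = {"dh_group1", "des", "md5", "md5_96"}
# Sample lines: the first is the manual's own example, the second is constructed.
SAMPLES = ["[H3C]sftp 10.1.1.2",
           "[H3C] sftp 10.1.1.2 2222 prefer_ctos_cipher des prefer_stoc_hmac md5"]


def parse_sftp(line):
    """Return (host, port, effective options) for one sftp command line."""
    tokens = line.split("]", 1)[-1].split()  # drop a "[H3C]" prompt if present
    if len(tokens) < 2 or tokens[0] != "sftp":
        raise ValueError("not an sftp command: %r" % line)
    host, rest, port = tokens[1], tokens[2:], 22  # 22 is the default port
    if rest and rest[0].isdigit():
        port = int(rest.pop(0))
        if port > 65535:
            raise ValueError("port-num out of range: %d" % port)
    chosen, seen = dict(DEFAULTS), set()
    while rest:
        key = rest.pop(0)
        if key not in OPTIONS:
            raise ValueError("unknown keyword: %s" % key)
        if key in seen:  # assumption: each keyword is given at most once
            raise ValueError("keyword repeated: %s" % key)
        if not rest or rest[0] not in OPTIONS[key]:
            raise ValueError("bad or missing value for %s" % key)
        chosen[key] = rest.pop(0)
        seen.add(key)
    return host, port, chosen


def audit(line):
    """Return sorted (keyword, value) pairs whose effective value is in REPORT."""
    return sorted(kv for kv in parse_sftp(line)[2].items() if kv[1] in REPORT)
```

Running audit over the manual's own example line returns the default key exchange entry even though no keyword was typed, which is the case a review of saved command scripts is most likely to miss.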