Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public key in the host key pair on the server. If no key pair has been generated, the system prompts “% RSA keys not found”.
Related command: rsa local-key-pair create.
Example
# Display the public key in the host key pair on the server.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 20:08:35 2000/04/02
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxg
Zu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information about all client public keys.
keyname: Name of a client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the public key in the RSA key pair of a specific client. If no key name is specified, the command displays all client public keys.
Example
# Display all client public keys in brief.
<H3C> display rsa peer-public-key brief
Address Bits Name
---------------------------
1023 abcd
1024 hq
# Display the client public key named "abcd".
<H3C> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays SSH status information.
session: Displays SSH session information.
Description
Use the display ssh server command to display status or session information about the SSH Server.
Related command: ssh server authentication-retries, ssh server timeout.
Example
# Display status information about the SSH Server.
<H3C> display ssh server status
SSH version : 2.0
SSH connection timeout : 60 seconds
SSH Authentication retries : 2 times
SFTP Server: Disable
# Display session information about the SSH Server.
<H3C> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 AES started 0 stelnet kk
VTY 1 2.0 AES started 0 sFTP abc
Table 1-1 Description on the fields of the display ssh server session command
| Field | Description |
|---|---|
| Conn | Number of VTY interface used for user login |
| Ver | SSH version |
| Encry | Encryption algorithm used by SSH |
| State | Session status |
| Retry | Number of connection retries |
| SerType | Service type |
| Username | User name |
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the current SSH users, including user name, authentication type, corresponding public key name and authorized service type. If the username argument is specified, the command displays information about the specified user.
Example
# Display information about the current SSH users.
<H3C> display ssh user-information
Username Authentication-type User-public-key-name Service-type
kk rsa test sftp
Syntax
display ssh-server source-ip
View
Any view
Parameter
None
Description
Use the display ssh-server source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH server. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH Server.
<H3C> display ssh-server source-ip
The source IP you specified is 192.168.1.1
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
[H3C]
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.
By default, both SSH and Telnet are supported.
Caution:
- If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.
- For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither of the authentication-mode password and authentication-mode none commands can be executed.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] protocol inbound ssh
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input a client public key.
When you input the key data, spaces are allowed between the characters you input (because the system can remove the spaces automatically); you can also press <Enter> to continue your input at the next line. However, the key you input must be a hexadecimal digit string generated randomly by SSH2.0-supported client software.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input a client public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing a public key, the system will check the validity of the public key before saving the key.
- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
- If the key is valid, it is saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key edit view and save the public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key kk
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
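The key codes shown in the display rsa local-key-pair public output and typed after public-key-code begin read as an ASN.1 SEQUENCE of two INTEGERs (modulus, then exponent). The following is an added example, not code from the original manual or from H3C: it parses such a key code off-device before it is pasted, rejects non-hexadecimal input, re-encodes the key as an OpenSSH line for comparison, and reports the modulus size. The function names and the 2048-bit floor (min_bits) are assumptions of this example.

```python
import base64
import re
import struct

# Host key code as printed by "display rsa local-key-pair public" on this page.
PAGE_HOST_KEY_CODE = """
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
0203
010001
"""

# Client key as typed line by line in the public-key-code begin example.
PAGE_PEER_KEY_CODE = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


def _read_tlv(buf, pos, tag):
    """Read one DER tag-length-value item; return (value, next position)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        count = length & 0x7F
        if count not in (1, 2) or pos + count > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("DER item runs past the end of the key code")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus, exponent) from a hexadecimal key code."""
    compact = re.sub(r"\s+", "", text)  # spaces and line breaks are allowed on input
    if not compact or len(compact) % 2 or re.search(r"[^0-9A-Fa-f]", compact):
        raise ValueError("key code must be an even number of hexadecimal digits")
    der = bytes.fromhex(compact)
    body, end = _read_tlv(der, 0, 0x30)  # SEQUENCE { modulus, exponent }
    if end != len(der):
        raise ValueError("trailing data after the key")
    n_raw, pos = _read_tlv(body, 0, 0x02)
    e_raw, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("unexpected extra fields in the key")
    # The 512-bit key on this page stores the modulus without DER's leading
    # 00 sign byte, so both integers are read as unsigned.
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def _ssh_string(data):
    """Length-prefixed byte string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value):
    # (bit_length + 8) // 8 bytes keeps the top bit clear, as mpint requires.
    return _ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def to_openssh(n, e, comment=""):
    """Encode the key as an OpenSSH authorized_keys line."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    line = "ssh-rsa " + base64.b64encode(blob).decode("ascii")
    return f"{line} {comment}" if comment else line


def review_key(text, min_bits=2048):
    """Summarise a key code; min_bits is this example's assumed policy floor."""
    n, e = parse_key_code(text)
    findings = []
    if n.bit_length() < min_bits:
        findings.append(f"modulus is {n.bit_length()} bits, below {min_bits}")
    if e < 3 or e % 2 == 0:
        findings.append("public exponent is not an odd integer >= 3")
    return {"bits": n.bit_length(), "exponent": e,
            "openssh": to_openssh(n, e), "findings": findings}


if __name__ == "__main__":
    for name, code in (("H3C_Host", PAGE_HOST_KEY_CODE), ("abcd", PAGE_PEER_KEY_CODE)):
        report = review_key(code)
        print(name, report["bits"], "bits, e =", report["exponent"], report["findings"])
```

Run against the two keys printed on this page, the host key re-encodes to the same ssh-rsa string the switch displays, and the client key comes out at 1023 bits, matching the Bits column of display rsa peer-public-key brief.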
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to generate an RSA host key pair, which is named in the format of switch name plus "Host".
After you issue the command, the system prompts you to input a key length. In SSH2.0, the key length is in the range of 512 to 2048 (bits). If the RSA key pair already exists, the system will ask whether you want to replace the original key pair with a new one.
For a successful SSH login, you must first generate a local RSA key pair. You just need to execute the rsa local-key-pair create command once, and need not execute the command again after the system is rebooted.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Generate a local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The local-key-pair will be created.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
........................++++++
.......++++++
.................................++++++++
...++++++++
........Done!
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy the server's RSA key pair.
Related command: rsa local-key-pair create.
Example
# Destroy the server's RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% The local-key-pair will be destroyed.
% Confirm to destroy these keys? [Y/N]:y
.............Done!
1.1.12 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Name of a client public key, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
After using this command, you can use the public-key-code begin command to manually configure a client public key on the server. Before you can do this, you should first obtain the hexadecimal-format public key that is randomly generated on a client.
Related command: public-key-code begin, public-key-code end.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
rsa peer-public-key key-name import sshkey file-name
View
System view
Parameter
key-name: Name of the client public key to be configured, a string of 1 to 64 characters.
file-name: Name of a client public key file (which was uploaded beforehand from a client to the Flash memory of the server), a string of 1 to 142 characters.
Description
Use the rsa peer-public-key import sshkey command to transform a client public key file to the PKCS format and use the file to automatically configure a client public key.
This configuration releases you from manually inputting a client public key. You need only to upload the public key file of the RSA key pair on a client to the server through FTP/TFTP, and then use this command to transform the key file format and use the file to configure a client public key on the server.
Example
# Transform the format of client public key file abc and configure a public key named 123.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key 123 import sshkey abc
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameter
password: Specifies the authentication type of SSH users to password authentication.
rsa: Specifies the authentication type of SSH users to RSA public key authentication.
password-publickey: Specifies the authentication type of SSH users to both password authentication and public key authentication, that is, both the password authentication and public key authentication must be passed.
all: Specifies the authentication type of SSH users to either password authentication or public key authentication, that is, one of the two types of authentication must be passed.
Description
Use the ssh authentication-type default command to specify a default authentication type for SSH users.
With this command configured, after you add a new SSH user by using the ssh user command, the default authentication type is adopted for the user unless you use the ssh user authentication-type command to separately specify an authentication type for the user.
Use the undo ssh authentication-type default command to remove the default authentication type.
After the undo command is executed, no default authentication type exists. When you add a new SSH user, you must specify an authentication type for it simultaneously.
There is no default authentication type unless you use the ssh authentication-type default command to specify it.
Related command: ssh user authentication-type.
If the default authentication type for SSH users is password and local AAA authentication is adopted, you need not use the ssh user command to create an SSH user. Instead, you should use the local-user command to create a user name and its password and then set the service type of the user to SSH.
Example
# Specify the default authentication type of SSH users to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Authentication retry times, in the range of 1 to 5.
Description
Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default authentication retry times.
By default, the number of authentication retry times is 3.
The configuration here will take effect at next user login.
Related command: display ssh server.
If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch), because one is counted when a client sends the member module of its public key to the server.
Example
# Set the authentication retry times to four.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds: Authentication timeout time, ranging from 1 to 120 (in seconds).
Description
Use the ssh server timeout command to set the authentication timeout time for SSH connections.
Use the undo ssh server timeout command to restore the default timeout time (that is, 60 seconds).
The configuration here will take effect at next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to assign a client public key to an SSH user. This configuration takes effect at the next login.
Use the undo ssh user assign rsa-key command to remove this assignment, so that no public key is associated with the user.
If the user has already been assigned with a public key, the newly assigned public key will overwrite the old one.
Related command: display ssh user-information.
Example
# Assign the client public key named "key1" to user kk.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk assign rsa-key key1
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
password: Sets the authentication type to password authentication.
rsa: Sets the authentication type to RSA public key authentication.
password-publickey: Sets the authentication type to both password and RSA public key authentication. That is, the user can access the switch only when both the password authentication and the RSA public key authentication are passed.
all: Sets the authentication type to either password or RSA public key authentication. That is, the user can access the switch as long as one of the two authentications (password and RSA public key) is passed.
Description
Use the ssh user authentication-type command to set the available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default setting.
- This command only determines what kind of authentication is allowed for a user to log into the switch. It is the user who will determine (on the client) the actual authentication type.
- For password authentication, username should be consistent with a valid user name defined in AAA; for rsa authentication, username is the name of an SSH local user, and there is no need to configure a local user in AAA.
By default, no authentication type is set for new users, so they cannot access the switch.
For new users, you must specify the authentication type for them through the ssh user authentication-type command on the server. Otherwise, they cannot access the switch. A new authentication type configuration will take effect at the next login.
Related command: display ssh user-information.
Example
# Set the authentication type for user kk to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk authentication-type password
Syntax
ssh-server source-interface interface-type interface-number
undo ssh-server source-interface
View
System view
Parameter
interface-type: Source interface type, which can be LoopBack or VLAN-interface.
interface-number: Source interface number.
Description
Use the ssh-server source-interface command to specify a source interface for the SSH server. If the specified interface does not exist, the command fails.
Use the undo ssh-server source-interface command to cancel the source interface setting. Then, a local device address determined by the system can be used by SSH users to access the server.
Example
# Specify VLAN-interface2 as the source interface of the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-interface Vlan-interface 2
Syntax
ssh-server source-ip ip-address
undo ssh-server source-ip
View
System view
Parameter
ip-address: IP address to be set as the source IP address.
Description
Use the ssh-server source-ip command to specify a source IP address for the SSH server. If the specified IP address is not an IP address of the device, the command fails.
Use the undo ssh-server source-ip command to cancel the source IP address setting. Then, a local device address determined by the system can be used by users to access the switch.
Example
# Specify source IP address 192.168.0.1 for the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-ip 192.168.0.1
Syntax
display ssh2 source-ip
View
Any view
Parameter
None
Description
Use the display ssh2 source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH2 client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH2 Client.
<H3C> display ssh2 source-ip
The source IP you specified is 192.168.0.1
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.
Example
# Display the association between the server public keys and the servers.
[H3C] display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input a public key of a server.
When you input the key data, spaces are allowed between the characters you input (because the system can remove the spaces automatically); you can also press <Enter> to continue your input at the next line. However, the key you input must be a hexadecimal digit string generated randomly by using the rsa local-key-pair create command on an SSH server.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input a public key of a server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing the public key, the system will check the validity of the public key before saving the key.
- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
- If the key is valid, it is saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key edit view and save the public key you input.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
quit
View
User view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SSH server.
Example
# Terminate the connection to the remote SSH server.
<H3C> quit
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
After using this command, you can use the public-key-code begin command to configure a server's public key (generated randomly by using the rsa local-key-pair create command on a server) on the client.
Related command: public-key-code begin, public-key-code end, rsa local-key-pair create.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client server-ip assign rsa-key
View
System view
Parameter
server-ip: Server IP address.
server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to assign a public key to an SSH server on the client, so that the client can regard the server as a reliable server when it connects to the server.
Use the undo ssh client assign rsa-key command to cancel the assignment.
Example
# Configure the public key named "abc" for server 192.168.0.1 on the client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key abc
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable command to enable the client to run initial authentication for the SSH server it accesses for the first time.
Use the undo ssh client first-time command to disable the client from running initial authentication.
If an SSH client is enabled to run initial authentication, when the SSH client accesses an SSH server for the first time and it does not have the public key of the server, the client allows you to choose to continue the access and save the public key of the server to the local device; the next time the client accesses the server, it will authenticate the server against the public key saved locally.
When an SSH client is disabled from running initial authentication, the SSH client cannot access an SSH server if it does not have the public key of the server. In this case, you first need to save the public key of the target server to the client in another way.
By default, the client is enabled to run initial authentication.
Example
# Enable the client to run initial authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameter
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Specifies the preferred key exchange algorithm. You can select one from the following two algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm, which is AES128 by default.
prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm, which is AES128 by default.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default.
prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1-96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
- DES (data encryption standard) is a standard data encryption algorithm.
- AES (advanced encryption standard) is an advanced encryption standard algorithm.
Description
Use the ssh2 command to start the SSH client to establish a connection with an SSH server, and at the same time specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client.
Example
# Log into SSH2.0 server 10.214.50.51 with:
- dh_exchange_group as the preferred key exchange algorithm,
- aes128 as the preferred server-to-client encryption algorithm,
- md5 as the preferred client-to-server HMAC algorithm, and
- sha1_96 as the preferred server-to-client HMAC algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
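Because every omitted ssh2 option falls back to a documented default, the algorithms a given command line ends up preferring are easy to misread. The following is an added example, not code from the original manual or from H3C: it resolves an ssh2 command into its effective preferences using the defaults listed above and flags the ones a reviewer would normally question. The function names and the WEAK policy table are assumptions of this example.

```python
# Defaults and permitted values as documented for the ssh2 command on this page.
DEFAULTS = {
    "prefer_kex": "dh_group1",
    "prefer_ctos_cipher": "aes128",
    "prefer_stoc_cipher": "aes128",
    "prefer_ctos_hmac": "sha1_96",
    "prefer_stoc_hmac": "sha1_96",
}
ALLOWED = {
    "prefer_kex": {"dh_group1", "dh_exchange_group"},
    "prefer_ctos_cipher": {"des", "aes128"},
    "prefer_stoc_cipher": {"des", "aes128"},
    "prefer_ctos_hmac": {"sha1", "sha1_96", "md5", "md5_96"},
    "prefer_stoc_hmac": {"sha1", "sha1_96", "md5", "md5_96"},
}
# Review policy assumed by this example (not a vendor statement).
WEAK = {
    "dh_group1": "fixed 1024-bit Diffie-Hellman group",
    "des": "DES-CBC uses a 56-bit key",
    "md5": "HMAC-MD5",
    "md5_96": "HMAC-MD5 truncated to 96 bits",
}

# The command line from the Example above.
PAGE_EXAMPLE = ("ssh2 10.214.50.51 prefer_kex dh_exchange_group "
                "prefer_stoc_cipher aes128 prefer_ctos_hmac md5 "
                "prefer_stoc_hmac sha1_96")


def effective_algorithms(command):
    """Resolve an ssh2 command into host, port and per-direction preferences."""
    tokens = command.split()
    if len(tokens) < 2 or tokens[0] != "ssh2":
        raise ValueError("not an ssh2 connection command")
    if tokens[1] in ("source-ip", "source-interface"):
        raise ValueError("ssh2 source setting, not a connection command")
    rest = tokens[2:]
    port = 22  # documented default
    if rest and rest[0].isdigit():
        port = int(rest.pop(0))
        if port > 65535:
            raise ValueError("port-num must be in the range 0 to 65535")
    if len(rest) % 2:
        raise ValueError("option given without a value")
    chosen = dict(DEFAULTS)
    explicit = set()
    for option, value in zip(rest[0::2], rest[1::2]):
        if option not in ALLOWED or value not in ALLOWED[option]:
            raise ValueError(f"unsupported setting: {option} {value}")
        chosen[option] = value
        explicit.add(option)
    return {"host": tokens[1], "port": port,
            "algorithms": chosen, "explicit": explicit}


def audit_ssh2(command):
    """Return (option, value, origin, reason) for each flagged preference."""
    info = effective_algorithms(command)
    findings = []
    for option in DEFAULTS:  # fixed order keeps the report stable
        value = info["algorithms"][option]
        if value in WEAK:
            origin = "explicit" if option in info["explicit"] else "default"
            findings.append((option, value, origin, WEAK[value]))
    return findings


if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, "ssh2 10.214.50.51"):
        print(cmd)
        for finding in audit_ssh2(cmd) or [("no findings",)]:
            print("   ", *finding)
```

The command from the Example is flagged only for its explicit client-to-server md5 choice, while a bare ssh2 10.214.50.51 is flagged for the default dh_group1 key exchange.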
Syntax
ssh2 source-interface interface-type interface-number
undo ssh2 source-interface
View
System view
Parameter
interface-type: Source interface type, which can be LoopBack or VLAN-interface.
interface-number: Source interface number.
Description
Use the ssh2 source-interface command to specify a source interface for the SSH2 client. If the specified interface does not exist, the command fails.
Use the undo ssh2 source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SSH2 server.
Example
# Specify source interface VLAN-interface1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-interface Vlan-interface 1
Syntax
ssh2 source-ip ip-address
undo ssh2 source-ip
View
System view
Parameter
ip-address: Source IP address.
Description
Use the ssh2 source-ip command to specify a source IP address for the SSH2 client. If the specified IP address is not an address of the device, the command fails.
Use the undo ssh2 source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SSH2 server.
Example
# Specify source IP address 192.168.1.1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-ip 192.168.1.1
Syntax
sftp server enable
undo sftp server
View
System view
Parameter
None
Description
Use the sftp server enable command to enable secure FTP (SFTP) Server.
Use the undo sftp server command to disable SFTP Server.
By default, SFTP Server is disabled.
Example
# Enable SFTP Server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp server enable
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
View
System view
Parameter
username: SSH user name, a string of 1 to 80 characters.
stelnet: Specifies that the user can access the secure Telnet service.
sftp: Specifies that the user can access the SFTP service.
all: Specifies that the user can access both services (secure Telnet and SFTP).
Description
Use the ssh user service-type command to configure service type for a user so that the user can access specified service(s).
Use the undo ssh user service-type command to restore the default service type.
The default service type for an SSH user is stelnet.
Related command: display ssh user-information.
Example
# Specify that user kk can access SFTP service.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk service-type sftp
Syntax
sftp timeout time-out-value
undo sftp timeout
View
System view
Parameter
time-out-value: Timeout time, in the range of 1 to 35,791 (minutes).
Description
Use the sftp timeout command to set the idle timeout time for SFTP connections.
Use the undo sftp timeout command to restore the default idle timeout time (that is, 10 minutes).
After this setting, the system will automatically release an SFTP connection when the SFTP connection is idle for a time longer than the time threshold you set.
Example
# Set the idle timeout time for SFTP connections to 500 minutes.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp timeout 500
Syntax
bye
View
SFTP client view
Parameter
None
Description
Use the bye command to terminate the connection to a remote SFTP server and return to system view.
This command has the same function as the exit and quit commands.
Example
# Terminate the connection to the remote SFTP server.
sftp-client> bye
Bye
[H3C]
Syntax
cd [ remote-path ]
View
SFTP client view
Parameter
remote-path: Name of a path on the remote SFTP server.
Description
Use the cd command to change the current path on the remote SFTP server. If the remote-path argument is not specified, the current path is displayed.
You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is, flash:/).
Example
# Change current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
Syntax
cdup
View
SFTP client view
Parameter
None
Description
Use the cdup command to return to the upper directory of the current path on the remote SFTP server.
Example
# Return to the upper directory.
sftp-client> cdup
Current Directory is:
flash:/
Syntax
delete remote-file
View
SFTP client view
Parameter
remote-file: Name of a file on the remote SFTP server.
Description
Use the delete command to delete the specified file from the remote SFTP server.
This command has the same function as the remove command.
Example
# Delete file test.txt from the remote SFTP server.
sftp-client> delete test.txt
The followed File will be deleted:
flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
Syntax
dir [ remote-path ]
View
SFTP client view
Parameter
remote-path: Path name of the intended directory.
Description
Use the dir command to display the specified directory on the remote SFTP server.
If the remote-path argument is not specified, the files in the current directory are displayed.
This command has the same function as the ls command.
Example
# Display the files in directory flash:/.
sftp-client> dir flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
Syntax
display sftp source-ip
View
Any view
Parameter
None
Description