1.1 SSH Server Configuration Commands
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair
public command to display the public key of the server host key pair. If no
key pair is generated, the system prompts “% RSA Keys
not found”.
Related command: rsa local-key-pair
create.
Example
# Display the public key of the server host key pair.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 00:22:39 2000/04/02
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
308188
  028180
    E576A5CA 8457493F 81024300 C42A88D3 7C79EFC4
    3FAA1793 B1620B98 8FEABDD0 9F57B580 A16FDC0B
    8FAD2CA5 B987D3A2 498D4232 E517F479 429B7B2A
    A6355691 401EAA02 B498A31B A9E1B45B 9FDB5023
    239F0FD6 529E3834 21DF098D 70A8CEEA 94E0ADD1
    124B8A63 F183E532 7B67B6D0 78C9C33E E164D278
    41BF4952 3962EFF9
  0203
    010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAgQDldqXKhFdJP4ECQwDEKojTfHnvxD+qF5Ox
YguYj+q90J9XtYChb9wLj60spbmH06JJjUIy5Rf0eUKbeyqmNVaRQB6qArSYoxup
4bRbn9tQIyOfD9ZSnjg0Id8JjXCozuqU4K3REkuKY/GD5TJ7Z7bQeMnDPuFk0nhB
v0lSOWLv+Q==
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDldqXKhFdJP4ECQwDEKojTfHnvxD+qF5OxYguYj+q9
0J9XtYChb9wLj60spbmH06JJjUIy5Rf0eUKbeyqmNVaRQB6qArSYoxup4bRbn9tQIyOfD9ZSnjg0Id8J
jXCozuqU4K3REkuKY/GD5TJ7Z7bQeMnDPuFk0nhBv0lSOWLv+Q== rsa-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief:
Displays brief information about all public keys on the client.
keyname:
Name of the client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command
to display the client public key of the specified RSA key pair. If no key name
is specified, the command displays all public keys of the client.
Caution:
Sometimes the public key modulus displayed with the display rsa peer-public-key
command is one bit smaller than the actual modulus. This is because the actually
generated key pair is one bit smaller than specified. For example, when you
specify a 1024-bit key pair, the actually generated key pair may have 1024 or
1023 bits.
Example
# Display all public keys on the client.
<H3C> display rsa peer-public-key brief
Address    Bits    Name
---------------------------
           1023    abcd
           1024    hq
# Display the public key of the client key pair abcd.
<H3C> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
  028180
    739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
    7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
    61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
    44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
  0201
    25
Syntax
display ssh server { status | session }
View
Any view
Parameter
status:
Displays SSH status information.
session:
Displays SSH session information.
Description
Use the display ssh server
command to display the status or session information about the SSH server.
Related command: ssh server authentication-retries,
ssh server timeout.
Example
# Display the status information about the SSH server.
<H3C> display ssh server status
SSH version : 2.0
SSH authentication timeout : 60 seconds
SSH authentication retries : 3 times
SFTP Server: Enable
SFTP idle timeout : 10 minutes
# Display the session information about the SSH server.
<H3C> display ssh server session
Conn    Ver   Encry   State     Retry   SerType   Username
VTY 2   2.0   AES     started   0       stelnet   1
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username:
SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information
command to display information about the current SSH users, including user
name, authentication mode, key name and authorized service types. If the username
is specified, the command displays information about the specified user.
Related command: ssh user assign rsa-key,
ssh user authentication-type, ssh user service-type.
Example
# Display information about the current user.
<H3C> display ssh user-information
Username   Authentication-type   User-public-key-name   Service-type
kj         rsa                   null                   stelnet|sftp
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end
command to return to system view from public key view.
Related command: rsa peer-public-key,
public-key-code begin.
Example
# Exit from public key view.
<H3C> system-view
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
[H3C]
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all:
Supports all protocols, including Telnet and SSH.
ssh:
Supports only SSH.
telnet:
Supports only Telnet.
Description
Use the protocol inbound command to
configure the protocols supported in the current user interface.
By default, both SSH and Telnet are supported.
After you use this command with SSH
enabled, your configuration cannot take effect till next login if no RSA key
pair is configured.
Caution:
- When SSH protocol is specified, to ensure a successful login, you must
  configure the AAA authentication using the authentication-mode scheme command.
- The protocol inbound ssh configuration fails if you have configured
  authentication-mode password or authentication-mode none. Once you have
  configured SSH protocol successfully for the user interface, you can no longer
  configure authentication-mode password or authentication-mode none.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support
SSH only.
<H3C> system-view
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
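The default and the constraints described for protocol inbound can be checked across a saved configuration. The following is an added example, not part of the original manual: the sample configuration is constructed, the function names are hypothetical, and it assumes each user-interface vty block is printed as a header line followed by indented sub-commands.

```python
import re

# Constructed sample; the block layout (header line, indented sub-commands)
# is an assumption about how the saved configuration is printed.
SAMPLE_CONFIG = """\
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 5 7
 authentication-mode password
user-interface vty 8 9
 authentication-mode scheme
 protocol inbound all
"""

VTY_HEADER = re.compile(r"^user-interface vty (\d+)(?: (\d+))?\s*$")


def parse_vty_blocks(config_text):
    """Return one dict per 'user-interface vty' block in the configuration."""
    blocks, current = [], None
    for line in config_text.splitlines():
        header = VTY_HEADER.match(line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            # Per the manual, both SSH and Telnet are supported by default.
            current = {"vty": (first, last), "protocol": "all", "auth": None}
            blocks.append(current)
        elif current is not None and line[:1].isspace():
            words = line.split()
            if words[:2] == ["protocol", "inbound"] and len(words) == 3:
                current["protocol"] = words[2]
            elif words[:1] == ["authentication-mode"] and len(words) >= 2:
                current["auth"] = words[1]
        else:
            current = None  # a non-indented line ends the block
    return blocks


def audit_vty(config_text):
    """Return (vty_range, finding) tuples for VTY lines that still accept
    Telnet, or that pair SSH with a mode other than authentication-mode scheme."""
    findings = []
    for block in parse_vty_blocks(config_text):
        if block["protocol"] in ("all", "telnet"):
            findings.append((block["vty"], "telnet accepted"))
        if block["protocol"] == "ssh" and block["auth"] != "scheme":
            findings.append((block["vty"], "ssh without authentication-mode scheme"))
    return findings


if __name__ == "__main__":
    for vty, finding in audit_vty(SAMPLE_CONFIG):
        print("vty %d-%d: %s" % (vty[0], vty[1], finding))
```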
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin
command to enter public key edit view and input the client public key.
You can key in a blank space between
characters (since the system can remove the blank space automatically), or
press <Enter> to continue your input at the next line. But the public key,
which is generated randomly by the SSH2.0-supported client software, should be
composed of hexadecimal characters.
Related command: rsa peer-public-key,
public-key-code end.
Example
# Enter public key edit view and input client public keys.
<H3C> system-view
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command
to return from public key edit view to public key view and save the public keys
you set.
After you use this command to terminate the
public key editing, public key validity will be checked before the keys are
saved. If there are illegal characters in the keys, the prompt will be given
and the keys will be discarded. Your configuration this time fails. If the keys
are valid, they will be saved in the public key list of the client.
Related command: rsa peer-public-key,
public-key-code begin.
Example
# Exit from public key edit view and save the public keys.
<H3C> system-view
[H3C] rsa peer-public-key zhangshan
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
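Before pasting a key code into public key edit view, it can be checked offline for the two things the manual mentions: hexadecimal-only content, and a modulus that may be one bit shorter than requested. The following is an added example, not part of the original manual and not the device's own validity check; parse_key_code and KeyCodeError are hypothetical names, and the input is the key code from the public-key-code begin example above. Integers are read as unsigned because the host key output on this page encodes a modulus starting with E5 without a leading zero byte.

```python
import re

# Key code exactly as typed in the manual's public-key-code begin example;
# spaces and line breaks are allowed, as in public key edit view.
PAGE_KEY_CODE = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


class KeyCodeError(ValueError):
    """Raised when a key code cannot be accepted."""


def normalize_key_code(text):
    """Strip whitespace, then require hexadecimal characters only."""
    compact = re.sub(r"\s+", "", text)
    if not compact:
        raise KeyCodeError("empty key code")
    bad = re.search(r"[^0-9A-Fa-f]", compact)
    if bad:
        raise KeyCodeError("illegal character %r at offset %d"
                           % (bad.group(), bad.start()))
    if len(compact) % 2:
        raise KeyCodeError("odd number of hex digits")
    return bytes.fromhex(compact)


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value at pos; return (value, next_pos)."""
    if pos + 2 > len(buf):
        raise KeyCodeError("truncated header")
    if buf[pos] != expected_tag:
        raise KeyCodeError("expected tag 0x%02X, found 0x%02X"
                           % (expected_tag, buf[pos]))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 2 or pos + count > len(buf):
            raise KeyCodeError("unsupported length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise KeyCodeError("value runs past the end of the key code")
    return buf[pos:end], end


def parse_key_code(text):
    """Parse SEQUENCE { INTEGER modulus, INTEGER exponent } from a key code."""
    der = normalize_key_code(text)
    seq, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise KeyCodeError("trailing bytes after the key")
    n_bytes, pos = _read_tlv(seq, 0, 0x02)
    e_bytes, pos = _read_tlv(seq, pos, 0x02)
    if pos != len(seq):
        raise KeyCodeError("unexpected data after the exponent")
    modulus = int.from_bytes(n_bytes, "big")   # unsigned, see lead-in
    exponent = int.from_bytes(e_bytes, "big")
    if modulus == 0 or exponent == 0:
        raise KeyCodeError("zero modulus or exponent")
    return {"modulus": modulus,
            "modulus_bits": modulus.bit_length(),
            "exponent": exponent}


if __name__ == "__main__":
    key = parse_key_code(PAGE_KEY_CODE)
    print("modulus bits:", key["modulus_bits"], "exponent:", key["exponent"])
```

The modulus of this key starts with byte 73, so its top bit is clear and the reported size is 1023, the value listed for abcd in the brief output.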
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create
command to generate RSA key pairs, whose names are in the format of switch name
plus _host, H3C_host for example.
After you use the command, the system
prompts you to define the key length.
In SSH2.0, the key length is in the range of 512 to 2048 (bits). With SSH2,
some clients require that the keys generated by the server be at least 768
bits.
Caution:
If you use this command to generate an RSA key when an old one exists, the
system prompts you to confirm whether to replace the previous one.
For a successful SSH login, you must
generate the local RSA key pairs first. You just need to execute the command
once, with no further action required even after the system is rebooted.
Related command: rsa local-key-pair
destroy, display rsa local-key-pair public.
Example
# Generate a local RSA key pair.
<H3C> system-view
[H3C] rsa local-key-pair create
The local-key-pair will be created.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
................++++++
..................++++++
...Done!
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy
command to destroy the RSA host key pair.
Related command: rsa local-key-pair
create.
Example
# Destroy the RSA host key pair.
<H3C> system-view
[H3C] rsa local-key-pair destroy
% The local-key-pair will be destroyed.
% Confirm to destroy these keys? [Y/N]:y
.......Done!
Syntax
rsa peer-public-key keyname
undo rsa peer-public-key keyname
View
System view
Parameter
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view. Use the
undo rsa peer-public-key command to delete the configuration of peer public key.
You can use this command along with the public-key-code begin command to
configure on the server client public keys, which are generated randomly by the
SSH2.0-supported client software.
Related command: public-key-code begin,
public-key-code end.
Example
# Enter H3C002 public key view.
<H3C> system-view
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameter
password:
Specifies the authentication type of SSH users to password authentication.
rsa:
Specifies the authentication type of SSH users to RSA public key
authentication.
password-publickey: Specifies the authentication type of SSH users to both password
authentication and public key authentication, that is, the password
authentication and public key authentication must be satisfied simultaneously.
all:
Specifies the authentication type of SSH users to either password authentication
or public key authentication, that is, one of the two authentication types must
be satisfied.
Description
Use the ssh authentication-type default command to specify a default
authentication type for SSH users. After this command is configured, if a new
SSH user added through the ssh user command has no authentication type
specified by the ssh user authentication-type command, this user adopts the
default authentication type.
Use the undo ssh authentication-type
default command to remove the specified default authentication type, that
is, no default authentication type is specified. When a new SSH user is added,
an authentication type must be specified for it simultaneously.
By default, no default authentication type
is specified.
Related command: ssh user
authentication-type.
Example
# Specify the default authentication type
of SSH users to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times:
Authentication retry times. It is in the range of 1 to 5 and defaults to 3.
Description
Use the ssh server
authentication-retries command to set the authentication retry times for
SSH connections.
Use the undo ssh server
authentication-retries command to restore the default authentication retry
times, which will take effect at next login.
Related command: display ssh server.
If you have used
the ssh user authentication-type command to configure the authentication
type to password-publickey, you must set the authentication retry times
to a number greater than or equal to 2.
Example
# Set the authentication retry number to 4.
<H3C> system-view
[H3C] ssh server authentication-retries 4
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds:
Authentication timeout time. It is in the range of 1 to 120 (seconds) and
defaults to 60 seconds.
Description
Use the ssh server timeout command
to set authentication timeout time for SSH connections.
Use the undo ssh server timeout
command to restore the default timeout time. The default value takes effect at
next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80
seconds.
<H3C> system-view
[H3C] ssh server timeout 80
Syntax
ssh user username
undo ssh user username
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
Description
Use the ssh user command to create an SSH user.
Use the undo ssh user command to delete a specified SSH user.
For an SSH user
created by using this command, if you do not specify an authentication type by
using the ssh user authentication-type command for this user, this SSH
user adopts the default authentication type. On the other hand, if the default
authentication type is not specified, you need to specify an authentication
type for this SSH user.
An SSH user is
created on an SSH server for the purpose of specifying the authentication type,
the SSH service type, and the public key for the SSH user. An existing SSH user
will be removed automatically if it has none of the authentication type, the SSH
service type, and the public key configured.
Example
# Specify the default authentication type
as password authentication. Create an SSH user with the name “abc”.
<H3C> system-view
Enter system view, return to user view with Ctrl+Z.
[H3C] ssh authentication-type default password
[H3C] ssh user abc
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
username:
SSH user name, a string of 1 to 80 characters.
keyname:
Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key
command to allocate public keys to SSH users.
Use the undo ssh user assign rsa-key
command to remove the association between the public keys and SSH users. The configuration
takes effect at the next login.
If the user already has a public key, the
new public key overrides the old one.
Related command: display ssh
user-information.
Example
# Set the client public key for the zhangsan
user to key1.
<H3C> system-view
[H3C] ssh user zhangsan assign rsa-key key1
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameter
username:
Valid SSH user name, a string of 1 to 80 characters.
password:
Specifies the authentication type as password.
rsa:
Specifies the authentication type as RSA public key.
password-publickey: Specifies the authentication type as both password and RSA public
key. That is, the user can pass the authentication only if both the password and
RSA public key are correct.
all:
Specifies the authentication type as either password or RSA public key. That
is, the user can pass the authentication if either the password or RSA public
key is correct.
Description
Use the ssh user authentication-type
command to define on the server the available authentication type for an SSH
user.
Use the undo ssh user authentication-type
command to restore the default setting.
This command defines available authentication type on the server. The
actual authentication type, however, is determined by the client.
By default, no authentication type is
specified for new users, so they cannot access the switch.
New users must specify authentication type.
Otherwise, they cannot access the switch. The new authentication type configured
takes effect at the next login.
Related command: display ssh
user-information.
For password
authentication, username should be consistent with a valid user name
defined in AAA; for rsa authentication, username is the name of
an SSH local user, and there is no need to configure a local user in AAA.
Example
# Set the authentication type for the zhangsan
user as password.
<H3C> system-view
[H3C] ssh user zhangsan authentication-type password
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info
command to display the association between the server public keys configured on
the client and the servers.
Example
# Display the association between the
server public keys and the servers.
<H3C> display ssh server-info
Server Name(IP)          Server public key name
______________________________________________________
192.168.0.1              abc_key01
192.168.0.2              abc_key02
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin
command to enter public key edit view and set server public keys.
You can key in a blank space between characters (since the system can remove
the blank space automatically), or press <Enter> to continue your input at the
next line. But the public key, which is generated randomly after you use the
rsa local-key-pair create command on the server, should be composed of
hexadecimal characters.
Related command: rsa peer-public-key,
public-key-code end, rsa local-key-pair create.
Example
# Enter public key edit view and set server public keys.
<H3C> system-view
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command
to return from public key edit view to public key view and save the public keys
you set.
After you use this command to terminate the
public key editing, public key validity will be checked before the keys are
saved. If there are illegal characters in the keys, the prompt will be given
and the keys will be discarded. Your configuration this time fails. If the keys
are valid, they will be saved in the client list.
Related command: rsa peer-public-key,
public-key-code begin.
Example
# Exit from public key edit view and save the public keys.
<H3C> system-view
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
quit
View
User view
Parameter
None
Description
Use the quit command to terminate the
connection to the remote SSH server.
Example
# Terminate the connection to the remote
SSH server.
<H3C> quit
Syntax
rsa peer-public-key keyname
undo rsa peer-public-key keyname
View
System view
Parameter
keyname:
Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view. Use the
undo rsa peer-public-key command to delete the configuration of peer public key.
You can use this command along with the public-key-code
begin command to configure on the client the server public keys, which are
generated randomly after you use the rsa local-key-pair create command.
Related command: public-key-code begin,
public-key-code end, rsa local-key-pair create.
Example
# Enter H3C002 public key view.
<H3C> system-view
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client { server-ip | server-name } assign rsa-key
View
System view
Parameter
server-ip:
Server IP address.
server-name:
Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to specify on the client the public
key of the server to be connected, to guarantee that the client connects to a
reliable server.
Use the undo ssh client assign rsa-key
command to remove the association between the public keys and servers.
By default, the host public key of the
server is not configured, and when logging into the server, the client uses the
IP address or host name used for login as the public key name.
Example
# Specify on the client the public key of the
server (with IP address 192.168.0.1) as abc.
<H3C> system-view
[H3C] ssh client 192.168.0.1 assign rsa-key abc
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable
command to configure the client to run the initial authentication.
Use the undo ssh client first-time
command to remove the configuration.
In the initial authentication, if the SSH client does not have the public key
for the server which it accesses for the first time, the client continues to
access the server and saves the public key of the server locally. Then at the
next access, the client can authenticate the server with the public key saved
locally.
When the initial authentication function is
not available, the client does not access the server if it does not have the
public key of the server locally. In this case, you need first to save the
public key of the target server to the client in other ways.
By default, the client runs the initial authentication.
Example
# Configure the client to run the initial
authentication.
<H3C> system-view
[H3C] ssh client first-time enable
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameter
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Key exchange algorithm preference. Choose one of the two algorithms available.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Encryption algorithm preference from the client to server. It defaults to AES128.
prefer_stoc_cipher: Encryption algorithm preference from the server to client. It defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: HMAC algorithm preference from the client to server. It defaults to SHA1_96.
prefer_stoc_hmac: HMAC algorithm preference from the server to client. It defaults to SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Description
Use the ssh2 command to enable the
connection between SSH client and server, define key exchange algorithm
preference, encryption algorithm preference and HMAC algorithm preference on the
server and client.
Example
# Log into the SSH2.0 server with IP address 10.214.50.51 and make these
settings:
- Key exchange algorithm preference as dh_exchange_group
- Encryption algorithm preference from the server to client as aes128
- HMAC algorithm preference from the client to server as md5
- HMAC algorithm preference from the server to client as sha1_96
<H3C> system-view
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
Syntax
sftp server enable
undo sftp server
View
System view
Parameter
None
Description
Use the sftp server enable command
to enable the secure FTP (SFTP) server.
Use the undo sftp server command to disable the SFTP server.
By default, the SFTP server is disabled.
Example
# Enable the SFTP server.
<H3C> system-view
[H3C] sftp server enable
# Disable the SFTP server.
[H3C] undo sftp server
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
View
System view
Parameter
username: Local user name or the user name defined on the remote RADIUS server,
a string of 1 to 80 characters.
stelnet: Sets the service type to Telnet.
sftp: Sets the service type to SFTP.
all: Includes both the Telnet and SFTP service types.
Description
Use the ssh user service-type command
to specify service type for a user.
Use the undo ssh user service-type
command to remove the service type specified for an SSH user.
The default service type for the SSH user
is stelnet.
Related command: display ssh
user-information.
Example
# Specify SFTP service for SSH user zhangsan.
<H3C> system-view
[H3C] ssh user zhangsan service-type sftp
Syntax
sftp timeout timeout-value
undo sftp timeout
View
System view
Parameter
timeout-value: Timeout time. It is in the range of 1 to 35,791 (minutes) and
defaults to 10 minutes.
Description
Use the sftp timeout command to set
the timeout time for the SFTP user connection.
Use the undo sftp timeout command to
restore the default timeout time.
After you set the timeout time for the SFTP
user connection, the system will automatically release the connection when the
time is up.
Example
# Set the timeout time for the SFTP user
connection to 500 minutes.
<H3C> system-view
[H3C] sftp timeout 500
Syntax
bye
View
SFTP client view
Parameter
None
Description
Use the bye command to terminate the
connection to the remote SFTP server and return to system view.
This command has the same function as the exit
and quit commands.
Example
# Terminate the connection to the remote
SFTP server.
sftp-client> bye
Bye
[H3C]
Syntax
cd [ remote-path ]
View
SFTP client view
Parameter
remote-path:
Name of a path on the server.
Description
Use the cd command to change the
current path on the remote SFTP server. If you did not specify the remote-path
argument, the current path is displayed.
You can use the cd .. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system
(that is, flash:/).
Example
# Change current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
Syntax
cdup
View
SFTP client view
Parameter
None
Description
Use the cdup command to return to
the upper directory.
Example
# Return to the upper directory.
sftp-client> cdup
Current Directory is:
flash:/
Syntax
delete remote-file&<1-10>
View
SFTP client view
Parameter
remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can
provide up to 10 filenames, which are separated by space.
Description
Use the delete command to delete the
specified file from the server.
This command has the same function as the remove
command.
Example
# Delete file test.txt from the server.
sftp-client> delete test.txt
The following files will be deleted:
flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
Syntax
dir [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameter
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folder of the
specified directory.
remote-path: Name of the intended directory.
Description
Use the dir command to display the files in the specified directory.
With the -a and -l keywords not specified, the command displays detailed
information of files and folder under the specified directory in a list form.
If the remote-path argument is not
specified, the files in the current directory are displayed.
This command has the same function as the ls
command.
Example
# Display the files in directory flash:/.
sftp-client> dir flash:/
-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg
-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2
-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1
-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:28 pub1
drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:24 new1
drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:18 new2
-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:30 pub2
Syntax
exit
View
SFTP client view
Parameter
None
Description
Use the exit command to terminate
the connection to the remote SFTP server and return to system view.
This command has the same function as the bye
and quit commands.
Example
# Terminate the connection to the remote
SFTP server.
sftp-client> exit
[H3C]
Syntax
get remote-file [ local-file ]
View
SFTP client view
Parameter
remote-file:
Name of the source file on the remote SFTP server.
local-file: Name assigned to the file to be saved at the local end.
Description
Use the get command to download and
save a file from a remote server.
If no local file name is specified, the
name of the source file is used by default.
Example
# Download file temp1.c and save it with name
temp.c.
sftp-client> get temp1.c temp.c
Syntax
help [ all | command ]
View
SFTP client view
Parameter
all:
Displays a list of all commands.
command: Name of a command.
Description
Use the help command to get the help
information about the specified or all SFTP client commands.
If the command argument is not
specified, the help information about all commands is displayed.
Example
# Display the help information about the get
command.
sftp-client> help get
get remote-path [local-path]
Download file
Default local-path is the same with remote-path
Syntax
ls [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameter
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folder of the
specified directory.
remote-path: Name of the intended directory.
Description
Use the ls command to display the files in the specified directory.
With the -a and -l keywords not specified, the command displays detailed
information of files and folder under the specified directory in a list form.
If the remote-path argument is not
specified, the files in the current directory are displayed.
This command has the same function as the dir
command.
Example
# Display the files in directory flash:/.
sftp-client> ls flash:/
-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg
-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2
-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1
-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:28 pub1
drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:24 new1
drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:18 new2
-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:30 pub2
Syntax
mkdir remote-path
View
SFTP client view
Parameter
remote-path:
Name of a directory on the remote SFTP server.
Description
Use the mkdir command to create a
directory on the remote SFTP server.
Example
# Create directory test on the remote SFTP
server.
sftp-client> mkdir test
Syntax
put local-file [ remote-file ]
View
SFTP client view
Parameter
local-file: Name of the source file at the local end.
remote-file:
Name assigned to the file to be saved on the remote SFTP server.
Description
Use the put command to upload a
local file to the remote SFTP server.
If no name is specified for the file to be
saved on the remote SFTP server, the name of the source file is used.
Example
# Upload local file config.cfg to the
remote SFTP server and save it with the name 1.txt.
sftp-client> put config.cfg 1.txt
This operation may take a long time, please wait...
Local file:config.cfg ---> Remote file: flash:/1.txt
Uploading file successfully ended
Syntax
pwd
View
SFTP client view
Parameter
None
Description
Use the pwd command to display the
current directory on the SFTP server.
Example
# Display the current directory on the SFTP
server.
sftp-client> pwd
flash:/
Syntax
quit
View
SFTP client view
Parameter
None
Description
Use the quit command to terminate
the connection to the remote SFTP server and exit to system view.
This command has the same function as the bye
and exit commands.
Example
# Terminate the connection to the remote SFTP
server.
sftp-client> quit
[H3C]
Syntax
remove remote-file&<1-10>
View
SFTP client view
Parameter
remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can
provide up to 10 filenames, which are separated by space.
Description
Use the remove command to delete the
specified file from the server.
This command has the same function as the delete
command.
Example
# Delete file temp.c from the server.
sftp-client> remove temp.c
The following files will be deleted:
flash:/temp.c
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
Syntax
rename old name new name
View
SFTP client view
Parameter
old name: Original file name.
new name: New file name.
Description
Use the rename command to change the
name of the specified file on the SFTP server.
Example
# Change the name of file temp1 on the SFTP
server to temp2.
sftp-client> rename temp1 temp2
Syntax
rmdir remote-path&<1-10>
View
SFTP client view
Parameter
remote-path&<1-10>: Name of a directory on the remote SFTP server. &<1-10>
means that you can provide up to 10 filenames that are separated by space.
Description
Use the rmdir command to delete the
specified directory from the remote SFTP server.
Example
# Delete directory hello from the remote
SFTP server.
sftp-client> rmdir hello
Directory successfully removed
Syntax
sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameter
host-ip: IP address of the server.
host-name: Name of the server, a string of 1 to 20 characters.
port-num: Port number of the server, in the range 0 to 65,535. The default port number is 22.
prefer_kex: Key exchange algorithm preference. Choose one of the two algorithms available.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key exchange algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Encryption algorithm preference from the client to server. It defaults to AES128.
prefer_stoc_cipher: Encryption algorithm preference from the server to client. It defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: HMAC algorithm preference from the client to server. It defaults to SHA1_96.
prefer_stoc_hmac: HMAC algorithm preference from the server to client. It defaults to SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Description
Use the sftp command to establish a connection
to the SFTP server and enter SFTP client view.
Example
# Establish a connection to the SFTP server
with IP address 192.168.0.65 and use the default encryption algorithms.
<H3C> system-view
[H3C] sftp 192.168.0.65