1.1 SSH Server Configuration Commands
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public key of the host key pair (H3C_Host) and the public key of the server key pair (H3C_Server).
Related command: rsa local-key-pair create.
Example
# Display the public keys of the server key pair and host key pair on the server.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 16:51:29 2006/04/27
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
E4B60800 48C19975 3D912FCE 0BBEA711 3E4B94D0
E8E6A080 F4D5D2DA 4BCBAF07 B9F91198 FE9937C6
EE0C7AEE 1B8C06F0 8BF01F36 05CF26DB F789A2D8
23182ECB
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDktggASMGZdT2RL84LvqcRPkuU0OjmoID0
1dLaS8uvB7n5EZj+mTfG7gx67huMBvCL8B82Bc8m2/eJotgjGC7L
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDktggASMGZdT2RL84LvqcRPkuU0OjmoID01dLaS8uvB7n5EZj+mTfG7gx67huMBvCL8B82Bc8m2/eJotgjGC7L rsa-key
=====================================================
Time of Key pair created: 16:51:55 2006/04/27
Key name: H3C_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
E1D3BAFE 5E646CF2 241602A1 2FF9AF7F 4AE5A7DE
02894012 1A733A4B 3ABA2F65 DB8CE292 644BB45C
2613F773 BC67C912 DCDACBF6 11DF66CA B48A9F0F
97886142 DB845B18 9C956B16 76D7C8BC 7E355894
CC2854F0 0D29376C 5F30F7A5 98A64CAD
0203
010001
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information about all public keys on the client.
keyname: Name of the client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the client public key of the specified RSA key pair. If no key name is specified, the command displays the key lengths (in bits) and names of all public keys of the client.
Example
# Display all public keys on the client.
<H3C> display rsa peer-public-key brief
Address Bits Name
---------------------------
        1024 192.168.0.39
# Display the public key named abc of the client key pair.
<H3C> display rsa peer-public-key name abc
=====================================
Key name: abc
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays SSH status information.
session: Displays SSH session information.
Description
Use the display ssh server command to display the status or session information about the SSH server.
Related command: ssh server authentication-retries, ssh server timeout.
Example
# Display the status information about the SSH server.
<H3C> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server: Enable
Caution:
- If you use the ssh server compatible-ssh1x enable command to make the server compatible with SSH1.x clients, the SSH version is displayed as 1.99.
- If you use the undo ssh server compatible-ssh1x enable command to make the server incompatible with SSH1.x clients, the SSH version is displayed as 2.0.
# Display the session information about the SSH server.
<H3C> display ssh server session
Conn   Ver  Encry  State    Retry  SerType  Username
VTY 0  2.0  AES    started  0      stelnet  kk
VTY 1  2.0  AES    started  0      sFTP     abc
Table 1-1 Description on the fields of the display ssh server session command
| Field | Description |
| Conn | Number of VTY interface used for user login |
| Ver | SSH version |
| Encry | Encryption algorithm used by SSH. Encry is short for encryption. The encryption algorithms in common use are advanced encryption standard (AES), data encryption standard (DES), and triple DES (3DES). |
| State | Current state |
| Retry | Number of retries |
| SerType | Type of service |
| Username | User name |
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the current SSH users, including user name, authentication mode, corresponding public key name and authorized service types. If the username argument is specified, the command displays information about the specified user.
Example
# Display the information about the current user.
<H3C> display ssh user-information
Username  Authentication-type  User-public-key-name  Service-type
kk        rsa                  test                  sftp
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return to system view from public key view.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit from public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports all protocols, including Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure the protocols supported in the current user interface.
By default, both SSH and Telnet are supported.
After you use this command with SSH enabled, SSH login is still unavailable until next login if no RSA key is configured locally.
Caution:
- Before configuring the user interface to support the SSH protocol, you must configure AAA authentication by using the authentication-mode scheme command to ensure a successful login.
- The protocol inbound ssh configuration fails if you have enabled the authentication-mode password command or the authentication-mode none command. After you have configured the SSH protocol successfully for the user interface, you can no longer enable the authentication-mode password command or the authentication-mode none command.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] authentication-mode scheme
[H3C-ui-vty0-4] protocol inbound ssh
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key code view and input the client public key.
You can key in a blank space between characters (the system removes blank spaces automatically), or press <Enter> to continue your input on the next line. The client public key, which is generated randomly by the SSH2.0-supporting client software, should be a hexadecimal character string coded in the public key format.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key code view and input client public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
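The key code shown by display rsa local-key-pair public, and typed in after public-key-code begin, is a hexadecimal ASN.1 SEQUENCE of two INTEGERs (modulus, then public exponent). The following added example (Python, not H3C code; function names are hypothetical) parses such a key code, rejects malformed input, and rebuilds the OpenSSH line so that a key stored on the switch can be compared with the key a client actually holds. The sample is the H3C_Host key code from the display example on this page.

```python
import base64
import struct

# H3C_Host key code copied from the "display rsa local-key-pair public"
# example on this page. Blanks and line breaks are ignored when parsing.
H3C_HOST_KEY_CODE = """
3047
0240
E4B60800 48C19975 3D912FCE 0BBEA711 3E4B94D0
E8E6A080 F4D5D2DA 4BCBAF07 B9F91198 FE9937C6
EE0C7AEE 1B8C06F0 8BF01F36 05CF26DB F789A2D8
23182ECB
0203
010001
"""


def _read_tlv(buf, pos, tag):
    """Read one tag-length-value element; return (value, next_position)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected tag 0x{tag:02X} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("key code is truncated")
    return buf[pos:pos + length], pos + length


def parse_key_code(text):
    """Return (modulus, exponent) from a hexadecimal key code."""
    try:
        der = bytes.fromhex("".join(text.split()))
    except ValueError:
        raise ValueError("key code contains non-hexadecimal characters") from None
    body, end = _read_tlv(der, 0, 0x30)          # SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after key code")
    n_raw, pos = _read_tlv(body, 0, 0x02)        # INTEGER modulus
    e_raw, pos = _read_tlv(body, pos, 0x02)      # INTEGER public exponent
    if pos != len(body):
        raise ValueError("unexpected data inside key code")
    # The sample stores the modulus without a leading 00 byte although its
    # top bit is set, so both integers are read as unsigned values.
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def to_openssh(modulus, exponent, comment="rsa-key"):
    """Encode the key as an OpenSSH authorized_keys line."""
    def field(data):
        return struct.pack(">I", len(data)) + data

    def mpint(value):
        # SSH mpint: big-endian, with a leading 00 when the top bit is set.
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

    blob = field(b"ssh-rsa") + mpint(exponent) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    n, e = parse_key_code(H3C_HOST_KEY_CODE)
    print(f"modulus: {n.bit_length()} bits, exponent: {e}")
    print(to_openssh(n, e))
```

The rebuilt line is identical to the "Public key code for pasting into OpenSSH authorized_keys file" output in the display example, so the same comparison works for any peer key shown by display rsa peer-public-key.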
Syntax
public-key-code end
View
Public key code view
Parameter
None
Description
Use the public-key-code end command to return from public key code view to public key view and save the public keys you input.
After you use this command to terminate the public key coding process, public key validity is checked before the keys are saved.
- If there are illegal characters in the keys, a prompt is given and the keys are discarded. The configuration fails.
- If the keys are valid, they are saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit from public key code view and save the public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key kk
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to generate RSA key pairs, including the host key pair and the server key pair.
- The name of the host key pair is in the format of switch name plus _Host, for example, H3C_Host.
- The name of the server key pair is in the format of switch name plus _Server, for example, H3C_Server.
The server key pair (H3C_Server) is not used in SSH2.0. Therefore, when the rsa local-key-pair create command is executed, the system only prompts you that the host RSA key pair (H3C_Host) is generated, and gives no information about the server key pair even if the server key pair is generated in the background for the purpose of SSH1.x compatibility. You can use the display rsa local-key-pair public command to display the generated key pairs.
After you execute the rsa local-key-pair create command, the system prompts you to define the key length.
- In SSH1.x, the key length is in the range of 512 to 2,048 (bits).
- In SSH2.0, the key length is in the range of 768 to 2048 (bits).
- If you use this command to generate an RSA key when an old one exists, the system prompts you whether to replace the previous one.
For a successful SSH login, you must generate the server RSA key pairs first. You need to execute the command only once; no further action is required even after the system is rebooted.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public, ssh server compatible-ssh1x enable.
Example
# Generate a local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The key name will be: H3C_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
....++++++++++++
........++++++++++++
..................++++++++
...............................................................................++++++++
..........
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
Related command: rsa local-key-pair create.
Example
# Destroy all existing RSA key pairs at the server end.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% The name for the keys which will be destroyed is H3C_Host .
% Confirm to destroy these keys? [Y/N]:y
......................
1.1.11 rsa peer-public-key
Syntax
rsa peer-public-key key-name
undo rsa peer-public-key key-name
View
System view
Parameter
key-name: Client public key name, a string of 1 to 64 characters.
Description
Use the undo rsa peer-public-key key-name command to remove the configured client public key.
The rsa peer-public-key command leads you to public key view. You can use the command along with the public-key-code begin command to configure, on the server, the client public keys, which are generated randomly by the SSH2.0-supporting client software.
Related command: public-key-code begin, public-key-code end.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
# Remove the client public key named 192.168.0.39.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] undo rsa peer-public-key 192.168.0.39
% Do you really want to remove the public key named 192.168.0.39 ? [Y/N]:y
[H3C]
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameter
password: Specifies the authentication type as password authentication.
rsa: Specifies the authentication type as RSA public key authentication.
password-publickey: Specifies the authentication type as both password authentication and RSA public key authentication, that is, the user can pass the authentication only when both the password and RSA public key are correct.
all: Specifies the authentication type as password authentication or RSA public key authentication, that is, the user can pass the authentication if either the password or RSA public key is correct.
Description
Use the ssh authentication-type default command to specify a default authentication type for SSH users. After the command is configured, when an SSH user is added, if you do not use the ssh user authentication-type command to specify an authentication type for the user, the user needs to pass the default authentication type.
Use the undo ssh authentication-type default command to restore the default settings.
By default, the password authentication type is specified.
Related command: ssh user authentication-type.
Example
# Specify the default authentication type as password.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Authentication retry times. It is in the range of 1 to 5 and defaults to 3.
Description
Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default authentication retry times, which will take effect at next login.
Related command: display ssh server.
If you have used the ssh user authentication-type command to configure the authentication type to password-publickey, you must set the authentication retry times to a number greater than or equal to 2, because one attempt is counted when a client sends a public key to the server.
Example
# Set the authentication retry times to 4.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
Syntax
ssh server compatible-ssh1x enable
undo ssh server compatible-ssh1x
View
System view
Parameter
None
Description
Use the ssh server compatible-ssh1x enable command to make the server compatible with SSH1.x-supporting clients.
Use the undo ssh server compatible-ssh1x enable command to make the server incompatible with SSH1.x-supporting clients.
By default, the server is compatible with SSH1.x-supporting clients.
Example
# Make the server compatible with SSH1.x-supporting clients.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server compatible-ssh1x enable
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Update period of the server key, in hours, ranging from 1 to 24.
Description
Use the ssh server rekey-interval command to set the update interval for the server key.
Use the undo ssh server rekey-interval command to cancel the current configuration.
By default, the system does not update the server key.
Caution:
This command is only effective on users of SSH1.x clients.
Example
# Set the update interval of the server key to 3 hours.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server rekey-interval 3
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds: Authentication timeout time. It is in the range of 1 to 120 (seconds) and defaults to 60 seconds.
Description
Use the ssh server timeout command to set authentication timeout time for SSH connections.
Use the undo ssh server timeout command to restore the default timeout time. The default value takes effect at next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
Syntax
ssh user username
undo ssh user username
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
Description
Use the ssh user command to create an SSH user.
Use the undo ssh user command to delete a specified SSH user.
For an SSH user created by using this command, if you do not specify an authentication type by using the ssh user authentication-type command for this user, this SSH user adopts the default authentication type.
An SSH user is created on an SSH server for the purpose of specifying the authentication type, the SSH service type, and the public key for the SSH user. An existing SSH user will be removed automatically if it has none of the authentication type, the SSH service type, and the public key configured.
Example
# Create an SSH user with the name "abc".
<H3C> system-view
Enter system view, return to user view with Ctrl+Z.
[H3C] ssh user abc
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
username: SSH user name, a string of 1 to 80 characters.
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
Use the undo ssh user assign rsa-key command to remove the association between the public keys and SSH users. The configuration takes effect at the next login.
If the user already has a public key, the new public key overrides the old one.
Related command: display ssh user-information.
Example
# Set the client public key for the kk user to key1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk assign rsa-key key1
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
password: Specifies the authentication type as password.
rsa: Specifies the authentication type as RSA public key.
password-publickey: Specifies the authentication type as both password and RSA public key. That is, the user can pass the authentication only when both the password and RSA public key are correct.
For the password-publickey authentication type:
- Users of SSH1.x clients can access the switch as long as they pass one of the two authentication types.
- Users of SSH2.0 clients can access the switch only when they pass both authentication types.
all: Specifies the authentication type as either password or RSA public key. That is, the user can pass the authentication if either the password or the RSA public key is correct.
Description
Use the ssh user authentication-type command to define on the server the available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default settings where the users cannot access the switch.
This command defines the available authentication type on the server. The actual authentication type, however, is determined by the user on the client.
By default, no authentication type is specified for new SSH users, so they cannot access the switch.
For new SSH users, the server must specify authentication types for them by using the ssh user authentication-type command. Otherwise, they cannot access the switch. The new authentication type configured takes effect at the next login.
Related command: display ssh user-information.
Example
# Set the authentication type for the kk user as password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk authentication-type password
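The interaction described above between password-publickey and SSH1.x compatibility, together with the protocol inbound default, can be checked mechanically. The following is an added example (Python, not H3C code) that audits configuration lines for those settings. The sample configurations are constructed from the command syntax on this page; how a device prints its saved configuration, and the name audit_ssh_config, are assumptions.

```python
import re

# Constructed sample: lines written in the command syntax shown on this page.
# How a real device prints its saved configuration is an assumption.
SAMPLE_CONFIG = """\
ssh user kk authentication-type password-publickey
ssh user kk assign rsa-key key1
ssh user abc authentication-type all
ssh user ops authentication-type rsa
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound all
"""

# Constructed sample with SSH1.x compatibility removed and VTY set to SSH only.
HARDENED_CONFIG = """\
undo ssh server compatible-ssh1x
ssh user kk authentication-type password-publickey
ssh user kk assign rsa-key key1
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
"""

USER_AUTH = re.compile(r"ssh user (\S+) authentication-type (\S+)$")
INBOUND = re.compile(r"protocol inbound (all|ssh|telnet)$")


def audit_ssh_config(config):
    """Return a list of findings (hypothetical helper, not an H3C tool)."""
    findings = []
    lines = [ln for ln in config.splitlines() if ln.strip()]
    cmds = [ln.strip() for ln in lines]

    # Page: the server is compatible with SSH1.x clients by default, and
    # "display ssh server status" then reports version 1.99.
    ssh1x = not any(c.startswith("undo ssh server compatible-ssh1x") for c in cmds)
    if ssh1x:
        findings.append("server: SSH1.x clients are accepted (version shows 1.99)")

    for cmd in cmds:
        match = USER_AUTH.match(cmd)
        if not match:
            continue
        user, auth = match.groups()
        if auth == "password-publickey" and ssh1x:
            # Page: SSH1.x clients pass with either one of the two types.
            findings.append(
                f"user {user}: password-publickey needs only one factor "
                "from SSH1.x clients"
            )
        elif auth in ("password", "all"):
            findings.append(f"user {user}: a password alone is enough to log in")

    # Page: a VTY user interface supports both SSH and Telnet by default.
    inbound = {}
    current = None
    for ln in lines:
        if ln.startswith("user-interface vty"):
            current = ln.strip()
            inbound[current] = "all"
        elif ln[0].isspace() and current:
            match = INBOUND.match(ln.strip())
            if match:
                inbound[current] = match.group(1)
        else:
            current = None
    for stanza, proto in inbound.items():
        if proto != "ssh":
            findings.append(
                f"{stanza}: Telnet logins are accepted (protocol inbound {proto})"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_config(SAMPLE_CONFIG):
        print(finding)
```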
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the association between the servers and the server public keys configured on the clients.
Example
# Display the association between the servers and the server public keys on the clients.
<H3C> display ssh server-info
Server Name(IP)          Server public key name
______________________________________________________
192.168.0.1              abc_key01
192.168.0.2              abc_key02
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key code view and set server public keys.
You can key in a blank space between characters (the system removes blank spaces automatically), or press <Enter> to continue your input on the next line. The public key, which is generated randomly after you use the rsa local-key-pair create command on the server, should be a hexadecimal character string coded in public key format.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key code view and set server public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
public-key-code end
View
Public key code view
Parameter
None
Description
Use the public-key-code end command to return from public key code view to public key view and save the public keys you set.
After you use this command to terminate the public key coding, public key validity is checked before the keys are saved.
- If there are illegal characters in the keys, a prompt is given and the keys are discarded. The configuration fails.
- If the keys are valid, they are saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit from public key code view and save the public keys.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
Syntax
quit
View
User view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SSH server.
Example
# Terminate the connection to the remote SSH server.
<H3C> quit
Syntax
rsa peer-public-key key-name
undo rsa peer-public-key key-name
View
System view
Parameter
key-name: Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the undo rsa peer-public-key key-name command to remove the configured server public key.
You can use the rsa peer-public-key command and then the public-key-code begin command to enter public key code view and configure, on the client, the server public keys, which are generated randomly after you use the rsa local-key-pair create command.
Related command: public-key-code begin, public-key-code end, rsa local-key-pair create.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client server-ip assign rsa-key
View
System view
Parameter
server-ip: Server IP address.
server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to specify on the client the public key of the server to be connected, so that the client connects only to a reliable server.
Use the undo ssh client assign rsa-key command to remove the association between the public keys and servers.
Example
# Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key abc
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable command to configure the client to run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
In the initial authentication, if the SSH client does not have the public key of a server that it accesses for the first time, the client continues to access the server and saves the public key of the server locally. At the next access, the client can authenticate the server with the public key saved locally.
When the initial authentication function is not available, the client does not access the server if it does not have the public key of the server locally. In this case, you first need to save the public key of the target server to the client in other ways.
By default, the client runs the initial authentication.
Example
# Configure the client to run the initial authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] *
View
System view
Parameter
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Preferential key exchange algorithm. Choose one of the two available algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Preferential encryption algorithm from the client to server. It defaults to AES128.
prefer_stoc_cipher: Preferential encryption algorithm from the server to client. It defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Preferential HMAC algorithm from the client to server. It defaults to SHA1_96.
prefer_stoc_hmac: Preferential HMAC algorithm from the server to client. It defaults to SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
- Data encryption standard (DES) is the standard algorithm for data encryption.
- Advanced encryption standard (AES) is the advanced encryption standard algorithm.
Description
Use the ssh2 command to enable the connection between SSH client and server, and to define the preferential key exchange algorithm, preferential encryption algorithm and preferential HMAC algorithm on the server and client.
Example
# Log in to the remote SSH2.0 server with IP address 10.1.1.2 and adopt the default encryption algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.1.1.2
Username: 123
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The Server is not authenticated. Do you continue access it?(Y/N):y
Do you want to save the server's public key?(Y/N):n
Enter password:
*************************************************************************
* Copyright(c) 2004-2006 Hangzhou H3C Technology Co., Ltd.              *
* Without the owner's prior written consent,                            *
* no decompiling or reverse-engineering shall be allowed.               *
*************************************************************************
<H3C>
Syntax
sftp server enable
undo sftp server
View
System view
Parameter
None
Description
Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
By default, the SFTP server is disabled.
Example
# Enable the SFTP server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp server enable
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
View
System view
Parameter
username: Local user name or the user name defined on the remote RADIUS server, a string of 1 to 80 characters.
stelnet: Sets the service type to secure Telnet.
sftp: Sets the service type to SFTP.
all: Includes both secure Telnet service type and SFTP service type.
Description
Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to remove the service type specified for an SSH user.
The default service type for the SSH user is stelnet.
Related command: display ssh user-information.
Example
# Specify SFTP service for SSH user kk.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk service-type sftp
Syntax
bye
View
SFTP Client view
Parameter
None
Description
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the exit and quit commands.
Example
# Terminate the connection to the remote SFTP server.
sftp-client> bye
Bye
[H3C]
Syntax
cd [ remote-path ]
View
SFTP Client view
Parameter
remote-path: Name of a path on the server.
Description
Use the cd command to change the current path on the remote SFTP server. If you do not specify the remote-path argument, the current path is displayed.
You can use the cd .. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is, flash:/).
Example
# Change the current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
Syntax
cdup
View
SFTP client view
Parameter
None
Description
Use the cdup command to return the current path of the remote SFTP server to the upper level directory.
Example
# Return the current path to the upper level directory.
sftp-client> cdup
Current Directory is:
flash:/
Syntax
delete remote-file
View
SFTP client view
Parameter
remote-file: Name of a file on the server.
Description
Use the delete command to remove the specified file from the remote SFTP server.
This command has the same function as the remove command.
Example
# Remove file test.txt from the server.
sftp-client> delete test.txt
The followed File will be deleted:
flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
Syntax
dir [ remote-path ]
View
SFTP client view
Parameter
remote-path: Name of the directory to be queried.
Description
Use the dir command to query the specified directory on the remote SFTP server.
If the remote-path argument is not specified, the files in the current directory are displayed.
This command has the same function as the ls command.
Example
# Display the files in directory flash:/.
sftp-client> dir flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06: 52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08: 01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07: 39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08: 28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08: 24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08: 18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08: 30 pub2
Syntax
exit
View
SFTP client view
Parameter
None
Description
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
Example
# Terminate the connection to the remote SFTP server.
sftp-client> exit
Bye
[H3C]
Syntax
get remote-file [ local-file ]
View
SFTP client view
Parameter
remote-file: Name of the source file on the remote SFTP server.
local-file: Name assigned to the file to be saved locally.
Description
Use the get command to download a file from a remote server and save the file locally.
If no local file name is specified, the name of the source file on the remote SFTP server is used by default.
Example
# Download file tt.bak and save it with name tt.txt.
sftp-client> get tt.bak tt.txt....
Remote file: flash:/tt.bak ---> Local file: tt.txt..
Downloading file successfully ended
1.4.8 help
Syntax
help [ command ]
View
SFTP client view
Parameter
command: Name of a command.