H3C S3100-52P Ethernet Switch Command Manual-Release 1500(V1.01)

27-SSH Terminal Service Command

Table of Contents

Chapter 1 SSH Terminal Service Configuration Commands
  1.1 SSH Server Configuration Commands
    1.1.1 display rsa local-key-pair public
    1.1.2 display rsa peer-public-key
    1.1.3 display ssh server
    1.1.4 display ssh user-information
    1.1.5 display ssh-server source-ip
    1.1.6 peer-public-key end
    1.1.7 protocol inbound
    1.1.8 public-key-code begin
    1.1.9 public-key-code end
    1.1.10 rsa local-key-pair create
    1.1.11 rsa local-key-pair destroy
    1.1.12 rsa peer-public-key
    1.1.13 rsa peer-public-key import sshkey
    1.1.14 ssh authentication-type default
    1.1.15 ssh server authentication-retries
    1.1.16 ssh server timeout
    1.1.17 ssh user assign rsa-key
    1.1.18 ssh user authentication-type
    1.1.19 ssh-server source-interface
    1.1.20 ssh-server source-ip
  1.2 SSH Client Configuration Commands
    1.2.1 display ssh2 source-ip
    1.2.2 display ssh server-info
    1.2.3 public-key-code begin
    1.2.4 public-key-code end
    1.2.5 quit
    1.2.6 rsa peer-public-key
    1.2.7 ssh client assign rsa-key
    1.2.8 ssh client first-time enable
    1.2.9 ssh2
    1.2.10 ssh2 source-interface
    1.2.11 ssh2 source-ip
  1.3 SFTP Server Configuration Commands
    1.3.1 sftp server enable
    1.3.2 ssh user service-type
    1.3.3 sftp timeout
  1.4 SFTP Client Configuration Commands
    1.4.1 bye
    1.4.2 cd
    1.4.3 cdup
    1.4.4 delete
    1.4.5 dir
    1.4.6 display sftp source-ip
    1.4.7 exit
    1.4.8 get
    1.4.9 help
    1.4.10 ls
    1.4.11 mkdir
    1.4.12 put
    1.4.13 pwd
    1.4.14 quit
    1.4.15 remove
    1.4.16 rename
    1.4.17 rmdir
    1.4.18 sftp
    1.4.19 sftp source-interface
    1.4.20 sftp source-ip

 


Chapter 1  SSH Terminal Service Configuration Commands

1.1  SSH Server Configuration Commands

1.1.1  display rsa local-key-pair public

Syntax

display rsa local-key-pair public

View

Any view

Parameter

None

Description

Use the display rsa local-key-pair public command to display the public key in the host key pair on the server. If no key pair has been generated, the system prompts “% RSA keys not found”.

Related command: rsa local-key-pair create.

Example

# Display the public key in the host key pair on the server.

<H3C> display rsa local-key-pair public

 

=====================================================

Time of Key pair created: 20:08:35  2000/04/02

Key name: H3C_Host

Key type: RSA encryption Key

=====================================================

Key code:

3047

  0240

    DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18

    9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4

    1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202

    2253F4F5

  0203

    010001

 

 Host public key for PEM format code:

---- BEGIN SSH2 PUBLIC KEY ----

AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxg

Zu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1

---- END SSH2 PUBLIC KEY ----

 

Public key code for pasting into OpenSSH authorized_keys file :

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q

0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key

 

1.1.2  display rsa peer-public-key

Syntax

display rsa peer-public-key [ brief | name keyname ]

View

Any view

Parameter

brief: Displays brief information about all client public keys.

keyname: Name of a client public key, a string of 1 to 64 characters.

Description

Use the display rsa peer-public-key command to display the public key in the RSA key pair of a specific client. If no key name is specified, the command displays all client public keys.

Example

# Display all client public keys in brief.

<H3C> display rsa peer-public-key brief

Address        Bits   Name

---------------------------

                1023   abcd

                1024   hq

# Display the client public key named "abcd".

<H3C> display rsa peer-public-key name abcd

=====================================

    Key name: abcd

    Key address:

=====================================

Key Code:

308186

  028180

    739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4

    7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408

    61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9

    44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F

  0201

    25

1.1.3  display ssh server

Syntax

display ssh server { status | session }

View

Any view

Parameter

status: Displays SSH status information.

session: Displays SSH session information.

Description

Use the display ssh server command to display status or session information about the SSH Server.

Related command: ssh server authentication-retries, ssh server timeout.

Example

# Display status information about the SSH Server.

<H3C> display ssh server status

SSH version : 2.0

 SSH connection timeout : 60 seconds

 SSH Authentication retries : 2 times

 SFTP Server: Disable

# Display session information about the SSH Server.

<H3C> display ssh server session

 Conn   Ver   Encry    State     Retry    SerType  Username

 VTY 0  2.0   AES      started   0        stelnet  kk

 VTY 1  2.0   AES      started   0        sFTP     abc

Table 1-1 Description on the fields of the display ssh server session command

Field      Description
Conn       Number of VTY interface used for user login
Ver        SSH version
Encry      Encryption algorithm used by SSH
State      Session status
Retry      Number of connection retries
SerType    Service type
Username   User name

 

1.1.4  display ssh user-information

Syntax

display ssh user-information [ username ]

View

Any view

Parameter

username: SSH user name, a string of 1 to 80 characters.

Description

Use the display ssh user-information command to display information about the current SSH users, including user name, authentication type, corresponding public key name and authorized service type. If the username argument is specified, the command displays information about the specified user.

Example

# Display information about the current SSH users.

<H3C> display ssh user-information

 Username            Authentication-type  User-public-key-name  Service-type

 kk                 rsa                  test                  sftp 

1.1.5  display ssh-server source-ip

Syntax

display ssh-server source-ip

View

Any view

Parameter

None

Description

Use the display ssh-server source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH server. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.

Example

# Display the current source IP address specified for the SSH Server.

<H3C> display ssh-server source-ip

The source IP you specified is 192.168.1.1

1.1.6  peer-public-key end

Syntax

peer-public-key end

View

Public key view

Parameter

None

Description

Use the peer-public-key end command to return from public key view to system view.

Related command: rsa peer-public-key, public-key-code begin.

Example

# Exit public key view.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] peer-public-key end

[H3C]

1.1.7  protocol inbound

Syntax

protocol inbound { all | ssh | telnet }

View

VTY user interface view

Parameter

all: Supports both Telnet and SSH.

ssh: Supports only SSH.

telnet: Supports only Telnet.

Description

Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.

By default, both SSH and Telnet are supported.

 

Caution:

- If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.

- For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither of the authentication-mode password and authentication-mode none commands can be executed.

 

Related command: user-interface vty.

Example

# Configure vty0 through vty4 to support SSH only.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] protocol inbound ssh

1.1.8  public-key-code begin

Syntax

public-key-code begin

View

Public key view

Parameter

None

Description

Use the public-key-code begin command to enter public key edit view and input a client public key.

When you input the key data, spaces are allowed between the characters (the system removes them automatically), and you can press <Enter> to continue your input on the next line. The key you input must, however, be a hexadecimal digit string randomly generated by client software that supports SSH2.0.

Related command: rsa peer-public-key, public-key-code end.

Example

# Enter public key edit view and input a client public key.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] public-key-code begin

[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key]
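
The key code typed after public-key-code begin uses the same layout that display rsa local-key-pair public prints, and the 1.1.1 sample shows one host key both as a key code and as an OpenSSH line. The following Python sketch is an added example (not H3C code; all function names are this example's own) that converts between the two forms and recovers the modulus size for review. It assumes the switch accepts the layout it prints, including integers written without a DER sign-padding byte.

```python
import base64
import struct

# Sample values copied from this page's own examples (1.1.1 and 1.1.8).
PAGE_HOST_KEY_OPENSSH = (
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q"
    "0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key"
)
PAGE_PEER_KEY_CODE = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


def _ssh_string(blob, off):
    """Read one length-prefixed SSH string; return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (size,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end


def parse_openssh_rsa(line):
    """Return (e, n) from an OpenSSH 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    alg, off = _ssh_string(blob, 0)
    e_raw, off = _ssh_string(blob, off)
    n_raw, off = _ssh_string(blob, off)
    if alg != b"ssh-rsa" or off != len(blob):
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")


def _der_len(size):
    """Encode a DER length in short or long form."""
    if size < 0x80:
        return bytes([size])
    body = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _integer(value):
    # Unsigned magnitude with no sign-padding byte, matching the page's
    # "0240 DE99B540 ..." sample (strict DER would emit 0241 00DE99B540 ...).
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return b"\x02" + _der_len(len(raw)) + raw


def to_key_code(e, n, width=46):
    """Encode (e, n) as hex key-code lines, wrapped for pasting line by line."""
    body = _integer(n) + _integer(e)
    text = (b"\x30" + _der_len(len(body)) + body).hex().upper()
    return [text[i:i + width] for i in range(0, len(text), width)]


def _tlv(data, off, tag):
    """Read one TLV with the expected tag; return (value, next offset)."""
    if off + 2 > len(data) or data[off] != tag:
        raise ValueError("unexpected tag at offset %d" % off)
    size, off = data[off + 1], off + 2
    if size & 0x80:  # long-form length: low 7 bits give the byte count
        count = size & 0x7F
        if count == 0 or off + count > len(data):
            raise ValueError("bad length field")
        size, off = int.from_bytes(data[off:off + count], "big"), off + count
    if off + size > len(data):
        raise ValueError("truncated value")
    return data[off:off + size], off + size


def parse_key_code(text):
    """Return (e, n) from a hex key code; spaces and line breaks are ignored."""
    data = bytes.fromhex("".join(text.split()))  # ValueError on non-hex input
    seq, end = _tlv(data, 0, 0x30)
    n_raw, off = _tlv(seq, 0, 0x02)
    e_raw, off = _tlv(seq, off, 0x02)
    if end != len(data) or off != len(seq):
        raise ValueError("trailing bytes in key code")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")


if __name__ == "__main__":
    e, n = parse_openssh_rsa(PAGE_HOST_KEY_OPENSSH)
    print("modulus bits:", n.bit_length(), "exponent:", e)
    print("\n".join(to_key_code(e, n)))
```

Run on the page's samples, the host key decodes to a 512-bit modulus and the peer key named "abcd" to 1023 bits, the figure shown by display rsa peer-public-key brief.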

1.1.9  public-key-code end

Syntax

public-key-code end

View

Public key edit view

Parameter

None

Description

Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.

After you use this command to end editing a public key, the system will check the validity of the public key before saving the key.

- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.

- If the key is valid, it is saved in the local public key list.

Related command: rsa peer-public-key, public-key-code begin.

Example

# Exit public key edit view and save the public key.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C]rsa peer-public-key kk

[H3C-rsa-public-key]public-key-code begin

[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key]

1.1.10  rsa local-key-pair create

Syntax

rsa local-key-pair create

View

System view

Parameter

None

Description

Use the rsa local-key-pair create command to generate an RSA host key pair, which is named in the format of switch name plus "Host".

After you issue the command, the system prompts you to input a key length. In SSH2.0, the key length is in the range of 512 to 2048 (bits). If the RSA key pair already exists, the system will ask whether you want to replace the original key pair with a new one.

For a successful SSH login, you must first generate a local RSA key pair. You just need to execute the rsa local-key-pair create command once, and need not execute the command again after the system is rebooted.

Related command: rsa local-key-pair destroy, display rsa local-key-pair public.

Example

# Generate a local RSA key pair.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa local-key-pair create

The local-key-pair will be created.

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       It will take a few minutes.

Input the bits in the modulus[default = 1024]:

Generating keys...

........................++++++

.......++++++

.................................++++++++

...++++++++

........Done!

1.1.11  rsa local-key-pair destroy

Syntax

rsa local-key-pair destroy

View

System view

Parameter

None

Description

Use the rsa local-key-pair destroy command to destroy the server's RSA key pair.

Related command: rsa local-key-pair create.

Example

# Destroy the server's RSA key pair.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa local-key-pair destroy

% The local-key-pair will be destroyed.

% Confirm to destroy these keys? [Y/N]:y

.............Done!

1.1.12  rsa peer-public-key

Syntax

rsa peer-public-key key-name

View

System view

Parameter

key-name: Name of a client public key, a string of 1 to 64 characters.

Description

Use the rsa peer-public-key command to enter public key view.

After using this command, you can use the public-key-code begin command to manually configure a client public key on the server. Before you can do this, you should first obtain the hexadecimal-format public key that is randomly generated on a client.

Related command: public-key-code begin, public-key-code end.

Example

# Enter H3C002 public key view.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C002

[H3C-rsa-public-key]

1.1.13  rsa peer-public-key import sshkey

Syntax

rsa peer-public-key key-name import sshkey file-name

View

System view

Parameter

key-name: Name of the client public key to be configured, a string of 1 to 64 characters.

file-name: Name of a client public key file (which was uploaded beforehand from a client to the Flash memory of the server), a string of 1 to 142 characters.

Description

Use the rsa peer-public-key import sshkey command to transform a client public key file to the PKCS format and use the file to automatically configure a client public key.

This configuration releases you from manually inputting a client public key. You need only to upload the public key file of the RSA key pair on a client to the server through FTP/TFTP, and then use this command to transform the key file format and use the file to configure a client public key on the server.

Example

# Transform the format of client public key file abc and configure a public key named 123.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key 123 import sshkey abc

1.1.14  ssh authentication-type default

Syntax

ssh authentication-type default { password | rsa | password-publickey | all }

undo ssh authentication-type default

View

System view

Parameter

password: Specifies the authentication type of SSH users to password authentication.

rsa: Specifies the authentication type of SSH users to RSA public key authentication.

password-publickey: Specifies the authentication type of SSH users to both password authentication and public key authentication, that is, both the password authentication and public key authentication must be passed.

all: Specifies the authentication type of SSH users to either password authentication or public key authentication, that is, one of the two types of authentication must be passed.

Description

Use the ssh authentication-type default command to specify a default authentication type for SSH users.

With this command configured, after you add a new SSH user by using the ssh user command, the default authentication type is adopted for the user unless you use the ssh user authentication-type command to separately specify an authentication type for the user.

Use the undo ssh authentication-type default command to remove the default authentication type.

After the undo command is executed, no default authentication type exists. When you add a new SSH user, you must specify an authentication type for it simultaneously.

There is no default authentication type unless you use the ssh authentication-type default command to specify it.

Related command: ssh user authentication-type.

 

Note:

If the default authentication type for SSH users is password and local AAA authentication is adopted, you need not use the ssh user command to create an SSH user. Instead, you should use the local-user command to create a user name and its password and then set the service type of the user to SSH.

 

Example

# Specify the default authentication type of SSH users to password authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh authentication-type default password

1.1.15  ssh server authentication-retries

Syntax

ssh server authentication-retries times

undo ssh server authentication-retries

View

System view

Parameter

times: Authentication retry times, in the range of 1 to 5.

Description

Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.

Use the undo ssh server authentication-retries command to restore the default authentication retry times.

By default, the number of authentication retry times is 3.

The configuration here will take effect at next user login.

Related command: display ssh server.

 

Note:

If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch), because one is counted when a client sends the member module of its public key to the server.

 

Example

# Set the authentication retry times to four.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server authentication-retries 4

1.1.16  ssh server timeout

Syntax

ssh server timeout seconds

undo ssh server timeout

View

System view

Parameter

seconds: Authentication timeout time, ranging from 1 to 120 (in seconds).

Description

Use the ssh server timeout command to set the authentication timeout time for SSH connections.

Use the undo ssh server timeout command to restore the default timeout time (that is, 60 seconds).

The configuration here will take effect at next login.

Related command: display ssh server.

Example

# Set the authentication timeout time to 80 seconds.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh server timeout 80

1.1.17  ssh user assign rsa-key

Syntax

ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key

View

System view

Parameter

username: Valid SSH user name, a string of 1 to 80 characters.

keyname: Client public key name, a string of 1 to 64 characters.

Description

Use the ssh user assign rsa-key command to assign a client public key to an SSH user. This configuration takes effect at the next login.

Use the undo ssh user assign rsa-key command to remove this assignment, so that no public key is associated with the user.

If the user has already been assigned with a public key, the newly assigned public key will overwrite the old one.

Related command: display ssh user-information.

Example

# Assign the client public key named "key1" to user kk.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user kk assign rsa-key key1

1.1.18  ssh user authentication-type

Syntax

ssh user username authentication-type { password | rsa | password-publickey | all }

undo ssh user username authentication-type

View

System view

Parameter

username: Valid SSH user name, a string of 1 to 80 characters.

password: Sets the authentication type to password authentication.

rsa: Sets the authentication type to RSA public key authentication.

password-publickey: Sets the authentication type to both password and RSA public key authentication. That is, the user can access the switch only when both the password authentication and the RSA public key authentication are passed.

all: Sets the authentication type to either password or RSA public key authentication. That is, the user can access the switch as long as one of the two authentications (password and RSA public key) is passed.

Description

Use the ssh user authentication-type command to set the available authentication type for an SSH user.

Use the undo ssh user authentication-type command to restore the default setting.

 

Note:

- This command only determines what kind of authentication is allowed for a user to log into the switch. It is the user who will determine (on the client) the actual authentication type.

- For password authentication, username should be consistent with a valid user name defined in AAA; for rsa authentication, username is the name of an SSH local user, and there is no need to configure a local user in AAA.

 

By default, no authentication type is set for new users, so they cannot access the switch.

For new users, you must specify the authentication type for them through the ssh user authentication-type command on the server. Otherwise, they cannot access the switch. A new authentication type configuration will take effect at the next login.

Related command: display ssh user-information.

Example

# Set the authentication type for user kk to password authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user kk authentication-type password

1.1.19  ssh-server source-interface

Syntax

ssh-server source-interface interface-type interface-number

undo ssh-server source-interface

View

System view

Parameter

interface-type: Source interface type, which can be LoopBack or VLAN-interface.

interface-number: Source interface number.

Description

Use the ssh-server source-interface command to specify a source interface for the SSH server. If the specified interface does not exist, the command fails.

Use the undo ssh-server source-interface command to cancel the source interface setting. Then, a local device address determined by the system can be used by SSH users to access the server.

Example

# Specify VLAN-interface2 as the source interface of the SSH server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh-server source-interface Vlan-interface 2

1.1.20  ssh-server source-ip

Syntax

ssh-server source-ip ip-address

undo ssh-server source-ip

View

System view

Parameter

ip-address: IP address to be set as the source IP address.

Description

Use the ssh-server source-ip command to specify a source IP address for the SSH server. If the specified IP address is not an IP address of the device, the command fails.

Use the undo ssh-server source-ip command to cancel the source IP address setting. Then, a local device address determined by the system can be used by users to access the switch.

Example

# Specify source IP address 192.168.0.1 for the SSH server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh-server source-ip 192.168.0.1 

1.2  SSH Client Configuration Commands

1.2.1  display ssh2 source-ip

Syntax

display ssh2 source-ip

View

Any view

Parameter

None

Description

Use the display ssh2 source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH2 client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.

Example

# Display the current source IP address specified for the SSH2 Client.

<H3C> display ssh2 source-ip

The source IP you specified is 192.168.0.1

1.2.2  display ssh server-info

Syntax

display ssh server-info

View

Any view

Parameter

None

Description

Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.

Example

# Display the association between the server public keys and the servers.

[H3C] display ssh server-info

Server Name(IP)                 Server public key name

______________________________________________________

192.168.0.1                     abc_key01

192.168.0.2                     abc_key02

1.2.3  public-key-code begin

Syntax

public-key-code begin

View

Public key view

Parameter

None

Description

Use the public-key-code begin command to enter public key edit view and input a public key of a server.

When you input the key data, spaces are allowed between the characters (the system removes them automatically), and you can press <Enter> to continue your input on the next line. The key you input must, however, be a hexadecimal digit string randomly generated by using the rsa local-key-pair create command on an SSH server.

Related command: rsa peer-public-key, public-key-code end.

Example

# Enter public key edit view and input a public key of a server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] public-key-code begin

[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463

[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913

[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4

[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC

[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16

[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key]

1.2.4  public-key-code end

Syntax

public-key-code end

View

Public key edit view

Parameter

None

Description

Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.

After you use this command to end editing the public key, the system will check the validity of the public key before saving the key.

- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.

- If the key is valid, it is saved in the local public key list.

Related command: rsa peer-public-key, public-key-code begin.

Example

# Exit public key edit view and save the public key you input.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C003

[H3C-rsa-public-key] public-key-code begin

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key]

1.2.5  quit

Syntax

quit

View

User view

Parameter

None

Description

Use the quit command to terminate the connection to the remote SSH server.

Example

# Terminate the connection to the remote SSH server.

<H3C> quit

1.2.6  rsa peer-public-key

Syntax

rsa peer-public-key key-name

View

System view

Parameter

key-name: Server public key name, a string of 1 to 64 characters.

Description

Use the rsa peer-public-key command to enter public key view.

After using this command, you can use the public-key-code begin command to configure a server's public key (generated randomly by using the rsa local-key-pair create command on a server) on the client.

Related command: public-key-code begin, public-key-code end, rsa local-key-pair create.

Example

# Enter H3C002 public key view.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] rsa peer-public-key H3C002

[H3C-rsa-public-key]

1.2.7  ssh client assign rsa-key

Syntax

ssh client { server-ip | server-name } assign rsa-key keyname

undo ssh client server-ip assign rsa-key

View

System view

Parameter

server-ip: Server IP address.

server-name: Server name, a string of 1 to 80 characters.

keyname: Server public key name, a string of 1 to 64 characters.

Description

Use the ssh client assign rsa-key command to assign a public key to an SSH server on the client, so that the client can regard the server as a reliable server when it connects to the server.

Use the undo ssh client assign rsa-key command to cancel the assignment.

Example

# Configure the public key named "abc" for server 192.168.0.1 on the client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh client 192.168.0.1 assign rsa-key abc

1.2.8  ssh client first-time enable

Syntax

ssh client first-time enable

undo ssh client first-time

View

System view

Parameter

None

Description

Use the ssh client first-time enable command to enable the client to run initial authentication for the SSH server it accesses for the first time.

Use the undo ssh client first-time command to disable the client from running initial authentication.

 

Note:

If an SSH client is enabled to run initial authentication and it accesses an SSH server for the first time without having the public key of the server, the client lets you choose to continue the access and save the public key of the server to the local device. The next time the client accesses the server, it authenticates the server against the locally saved public key.

 

When an SSH client is disabled from running initial authentication, the SSH client cannot access an SSH server if it does not have the public key of the server. In this case, you need first to save the public key of the target server to the client in another way.

By default, the client is enabled to run initial authentication.

Example

# Enable the client to run initial authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh client first-time enable
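
Three defaults documented on this page can be checked mechanically: a VTY accepts both SSH and Telnet unless protocol inbound ssh is set (1.1.7), authentication types password and all let a password alone succeed (1.1.18), and initial authentication is enabled unless undone (1.2.8). The following Python sketch is an added example, not H3C code. The sample configurations are constructed, and both the saved-configuration layout and the policy being enforced are assumptions of the example.

```python
import re

# Constructed samples in the style of a saved configuration, built only from
# commands documented on this page (not captured from a real device).
WEAK_CONFIG = """\
ssh user kk authentication-type password
ssh user ops authentication-type password-publickey
ssh user ops assign rsa-key key1
ssh user guest authentication-type all
user-interface vty 0 2
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 3 4
 authentication-mode scheme
"""

HARDENED_CONFIG = """\
undo ssh client first-time
ssh user kk authentication-type rsa
ssh user kk assign rsa-key key1
ssh user ops authentication-type password-publickey
ssh user ops assign rsa-key key1
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
"""

VTY_RE = re.compile(r"user-interface (vty \d+(?: \d+)?)")
PROTO_RE = re.compile(r"protocol inbound (all|ssh|telnet)")
AUTH_RE = re.compile(
    r"ssh user (\S+) authentication-type (password|rsa|password-publickey|all)")


def audit(config_text):
    """Return (check_id, detail) findings against the assumed policy."""
    vty = {}            # "vty 0 4" -> effective protocol inbound value
    users = {}          # user name -> authentication type
    first_time = True   # page: initial authentication is enabled by default
    block = None        # VTY block currently being read, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():        # a top-level line closes any open block
            block = None
            m = VTY_RE.fullmatch(line)
            if m:
                block = m.group(1)
                vty[block] = "all"      # page: SSH and Telnet both on by default
                continue
        elif block is not None:         # indented line inside a VTY block
            m = PROTO_RE.fullmatch(line)
            if m:
                vty[block] = m.group(1)
            continue
        m = AUTH_RE.fullmatch(line)
        if m:
            users[m.group(1)] = m.group(2)
        elif line == "undo ssh client first-time":
            first_time = False
        elif line == "ssh client first-time enable":
            first_time = True

    findings = []
    for name, proto in vty.items():
        if proto != "ssh":
            findings.append(("telnet-allowed",
                             "user-interface %s: protocol inbound %s" % (name, proto)))
    for user, auth in users.items():
        if auth in ("password", "all"):
            findings.append(("password-alone-suffices",
                             "ssh user %s: authentication-type %s" % (user, auth)))
    if first_time:
        findings.append(("first-time-auth-enabled",
                         "unknown server keys can be accepted on first contact"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(WEAK_CONFIG):
        print("%-26s %s" % (check_id, detail))
```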

1.2.9  ssh2

Syntax

ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

View

System view

Parameter

host-ip: Server IP address.

host-name: Server name, a string of 1 to 20 characters.

port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.

prefer_kex: Specifies the preferred key exchange algorithm. You can select one from the following two algorithms.

dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.

dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.

prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm, which is AES128 by default.

prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm, which is AES128 by default.

des: DES_cbc encryption algorithm.

aes128: AES_128 encryption algorithm.

prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default.

prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default.

sha1: HMAC-SHA1 algorithm.

sha1_96: HMAC-SHA1-96 algorithm.

md5: HMAC-MD5 algorithm.

md5_96: HMAC-MD5-96 algorithm.

 

Note:

- DES (data encryption standard) is a standard data encryption algorithm.

- AES (advanced encryption standard) is an advanced encryption standard algorithm.

 

Description

Use the ssh2 command to start the SSH client to establish a connection with an SSH server, and at the same time specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client.

Example

# Log into SSH2.0 server 10.214.50.51 with:

- dh_exchange_group as the preferred key exchange algorithm,

- aes128 as the preferred server-to-client encryption algorithm,

- md5 as the preferred client-to-server HMAC algorithm, and

- sha1_96 as the preferred server-to-client HMAC algorithm.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96

1.2.10  ssh2 source-interface

Syntax

ssh2 source-interface interface-type interface-number

undo ssh2 source-interface

View

System view

Parameter

interface-type: Source interface type, which can be LoopBack or VLAN-interface.

interface-number: Source interface number.

Description

Use the ssh2 source-interface command to specify a source interface for the SSH2 client. If the specified interface does not exist, the command fails.

Use the undo ssh2 source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SSH2 server.

Example

# Specify source interface VLAN-interface1 for the SSH2 client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh2 source-interface Vlan-interface 1

1.2.11  ssh2 source-ip

Syntax

ssh2 source-ip ip-address

undo ssh2 source-ip

View

System view

Parameter

ip-address: Source IP address.

Description

Use the ssh2 source-ip command to specify a source IP address for the SSH2 client. If the specified IP address is not an address of the device, the command fails.

Use the undo ssh2 source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SSH2 server.

Example

# Specify source IP address 192.168.1.1 for the SSH2 client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh2 source-ip 192.168.1.1

1.3  SFTP Server Configuration Commands

1.3.1  sftp server enable

Syntax

sftp server enable

undo sftp server

View

System view

Parameter

None

Description

Use the sftp server enable command to enable secure FTP (SFTP) Server.

Use the undo sftp server command to disable SFTP Server.

By default, SFTP Server is disabled.

Example

# Enable SFTP Server.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp server enable

1.3.2  ssh user service-type

Syntax

ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type

View

System view

Parameter

username: SSH user name, a string of 1 to 80 characters.

stelnet: Specifies that the user can access the secure Telnet service.

sftp: Specifies that the user can access the SFTP service.

all: Specifies that the user can access both services (secure Telnet and SFTP).

Description

Use the ssh user service-type command to configure the service type for a user so that the user can access the specified service(s).

Use the undo ssh user service-type command to restore the default service type.

The default service type for an SSH user is stelnet.

Related command: display ssh user-information.

Example

# Specify that user kk can access SFTP service.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh user kk service-type sftp

1.3.3  sftp timeout

Syntax

sftp timeout time-out-value

undo sftp timeout

View

System view

Parameter

time-out-value: Timeout time in minutes, in the range of 1 to 35,791.

Description

Use the sftp timeout command to set the idle timeout time for SFTP connections.

Use the undo sftp timeout command to restore the default idle timeout time (that is, 10 minutes).

After this setting, the system will automatically release an SFTP connection when the SFTP connection is idle for a time longer than the time threshold you set.

Example

# Set the idle timeout time for SFTP connections to 500 minutes.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp timeout 500

1.4  SFTP Client Configuration Commands

1.4.1  bye

Syntax

bye

View

SFTP client view

Parameter

None

Description

Use the bye command to terminate the connection to a remote SFTP server and return to system view.

This command has the same function as the exit and quit commands.

Example

# Terminate the connection to the remote SFTP server.

sftp-client> bye

Bye

[H3C]

1.4.2  cd

Syntax

cd [ remote-path ]

View

SFTP client view

Parameter

remote-path: Name of a path on the remote SFTP server.

Description

Use the cd command to change the current path on the remote SFTP server. If the remote-path argument is not specified, the current path is displayed.

 

Note:

You can use the cd.. command to return to the upper level directory.

You can use the cd / command to return to the root directory of the system (that is, flash:/).

 

Example

# Change current path to new1.

sftp-client> cd new1

Current Directory is:

flash:/new1

1.4.3  cdup

Syntax

cdup

View

SFTP client view

Parameter

None

Description

Use the cdup command to return to the upper directory of the current path on the remote SFTP server.

Example

# Return to the upper directory.

sftp-client> cdup

Current Directory is:

flash:/

1.4.4  delete

Syntax

delete remote-file

View

SFTP client view

Parameter

remote-file: Name of a file on the remote SFTP server.

Description

Use the delete command to delete the specified file from the remote SFTP server.

This command has the same function as the remove command.

Example

# Delete file test.txt from the remote SFTP server.

sftp-client> delete test.txt

The followed File will be deleted:

flash:/test.txt

Are you sure to delete it?(Y/N):y

This operation may take a long time.Please wait...

 

File successfully Removed

1.4.5  dir

Syntax

dir [ remote-path ]

View

SFTP client view

Parameter

remote-path: Path name of the intended directory.

Description

Use the dir command to display the specified directory on the remote SFTP server.

If the remote-path argument is not specified, the files in the current directory are displayed.

This command has the same function as the ls command.

Example

# Display the files in directory flash:/.

sftp-client> dir flash:/

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:28 pub1

drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:24 new1

drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:18 new2

-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:30 pub2

1.4.6  display sftp source-ip

Syntax

display sftp source-ip

View

Any view

Parameter

None

Description

Use the display sftp source-ip command to display the current source IP address or the IP address of the source interface specified for the SFTP client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.

Example

# Display the current source IP address specified for the SFTP client.

<H3C> display sftp source-ip

The source IP you specified is 192.168.1.1

1.4.7  exit

Syntax

exit

View

SFTP client view

Parameter

None

Description

Use the exit command to terminate the connection to the remote SFTP server and return to system view.

This command has the same function as the bye and quit commands.

Example

# Terminate the connection to the remote SFTP server.

sftp-client> exit

Bye

[H3C]

1.4.8  get

Syntax

get remote-file [ local-file ]

View

SFTP client view

Parameter

remote-file: Name of a file on the remote SFTP server.

local-file: Name of the file to which the remote file will be saved.

Description

Use the get command to download and save a file from the remote server to the client.

If no local file name is specified, the remote file will be saved to the client with its original name.

Example

# Download file tt.bak and save it with name tt.txt.

sftp-client>get tt.bak tt.txt....

Remote  file:flash:/tt.bak --->  Local file: tt.txt..

Downloading file successfully ended

1.4.9  help

Syntax

help [ command ]

View

SFTP client view

Parameter

command: Name of a command.

Description

Use the help command to get help information about one or all SFTP client commands.

If the command argument is not specified, the help information about all SFTP client commands is displayed.

Example

# Display help information about the get command.

sftp-client> help get

get remote-path [local-path]  Download file.Default local-path is the same

                              with remote-path

1.4.10  ls

Syntax

ls [ remote-path ]

View

SFTP client view

Parameter

remote-path: Name of the intended directory.

Description

Use the ls command to display the files in the specified directory on the remote SFTP server.

If the remote-path argument is not specified, the files in the current directory are displayed.

This command has the same function as the dir command.

Example

# Display the files in directory flash:/.

sftp-client> ls flash:/

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:28 pub1

drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:24 new1

drwxrwxrwx   1 noone    nogroup         0 Sep 28 08:18 new2

-rwxrwxrwx   1 noone    nogroup       225 Sep 28 08:30 pub2

1.4.11  mkdir

Syntax

mkdir remote-path

View

SFTP client view

Parameter

remote-path: Name of a directory on the remote SFTP server.

Description

Use the mkdir command to create a directory on the remote SFTP server.

Example

# Create directory hj on the remote SFTP server.

sftp-client> mkdir hj

New directory created

1.4.12  put

Syntax

put local-file [ remote-file ]

View

SFTP client view

Parameter

local-file: Name of a file on the client.

remote-file: Name of the file to which the local file will be saved on the remote SFTP server.

Description

Use the put command to upload a local file to the remote SFTP server.

If no remote file name is specified, the local file will be saved to the remote SFTP server with its original name.

Example

# Upload local file config.cfg to the remote SFTP server and save it with the name 1.txt.

sftp-client>put config.cfg 1.txt

Local file:config.cfg --->  Remote file: flash:/1.txt

Uploading file successfully ended

1.4.13  pwd

Syntax

pwd

View

SFTP client view

Parameter

None

Description

Use the pwd command to display the current directory on the remote SFTP server.

Example

# Display the current directory on the remote SFTP server.

sftp-client> pwd

flash:/

1.4.14  quit

Syntax

quit

View

SFTP client view

Parameter

None

Description

Use the quit command to terminate the connection to the remote SFTP server and return to system view.

This command has the same function as the bye and exit commands.

Example

# Terminate the connection to the remote SFTP server.

sftp-client> quit

Bye

[H3C]

1.4.15  remove

Syntax

remove remote-file

View

SFTP client view

Parameter

remote-file: Name of a file on the remote SFTP server.

Description

Use the remove command to delete a specified file from the remote SFTP server.

This command has the same function as the delete command.

Example

# Delete file temp.c from the remote SFTP server.

sftp-client> remove temp.c

The followed File will be deleted:

flash:/test2.txt

Are you sure to delete it?(Y/N):y

This operation may take a long time.Please wait...

 

File successfully Removed

1.4.16  rename

Syntax

rename oldname newname

View

SFTP client view

Parameter

oldname: Original file name.

newname: New file name.

Description

Use the rename command to change the name of a specified file on the remote SFTP server.

Example

# Change the name of file temp.bat on the remote SFTP server to temp.txt.

sftp-client> rename temp.bat temp.txt

File successfully renamed

1.4.17  rmdir

Syntax

rmdir remote-path

View

SFTP client view

Parameter

remote-path: Name of a directory on the remote SFTP server.

Description

Use the rmdir command to delete a specified directory from the remote SFTP server.

Example

# Delete directory hello from the remote SFTP server.

sftp-client> rmdir hello

The followed directory will be deleted

flash:/hello

Are you sure to remove it?(Y/N):y

 

Directory successfully removed

1.4.18  sftp

Syntax

sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

View

System view

Parameter

host-ip: IP address of an SFTP server.

host-name: Name of an SFTP server, a string of 1 to 20 characters.

port-num: Port number of the SFTP server, in the range 0 to 65,535. The default port number is 22.

prefer_kex: Specifies the preferred key exchange algorithm. You can choose one from the following two algorithms.

dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key exchange algorithm.

dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.

prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm. It defaults to AES128.

prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm. It defaults to AES128.

des: DES_cbc encryption algorithm.

aes128: AES_128 encryption algorithm.

prefer_ctos_hmac: Specifies the preferred client-to-server HMAC algorithm. It defaults to SHA1_96.

prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm. It defaults to SHA1_96.

sha1: HMAC-SHA1 algorithm.

sha1_96: HMAC-SHA1-96 algorithm.

md5: HMAC-MD5 algorithm.

md5_96: HMAC-MD5-96 algorithm.

Description

Use the sftp command to establish a connection to a remote SFTP server and enter SFTP client view.

Example

# Establish a connection to SFTP server 192.168.0.65 with default encryption algorithms.

[H3C]sftp 192.168.0.65

Input Username: kk

Trying 192.168.0.65 ...

Press CTRL+K to abort

Connected to 192.168.0.65 ...

 

The Server is not authenticated. Do you continue access it?(Y/N):y

Do you want to save the server's public key?(Y/N):y

Enter password:

 

sftp-client>
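The ssh2 command (1.2.9) and the sftp command (1.4.18) take the same prefer_* keywords, so one check serves both. The Python below is an added example, not H3C code: it resolves the effective algorithm preferences of a recorded ssh2 or sftp command line, documented defaults included, and lists the values a reviewer may want to flag. The WEAK policy table, the function names and the fourth sample line are assumptions made for this example.

```python
import re

# Defaults and permitted values, from the ssh2/sftp parameter lists on this page.
OPTIONS = {
    "prefer_kex": ("dh_group1", {"dh_group1", "dh_exchange_group"}),
    "prefer_ctos_cipher": ("aes128", {"des", "aes128"}),
    "prefer_stoc_cipher": ("aes128", {"des", "aes128"}),
    "prefer_ctos_hmac": ("sha1_96", {"sha1", "sha1_96", "md5", "md5_96"}),
    "prefer_stoc_hmac": ("sha1_96", {"sha1", "sha1_96", "md5", "md5_96"}),
}
# Assumption: the reviewer's own policy of what to flag, not part of the manual.
WEAK = {"des": "DES-CBC, 56-bit key", "md5": "MD5-based MAC",
        "md5_96": "MD5-based MAC, 96-bit tag",
        "dh_group1": "fixed 1024-bit Diffie-Hellman group"}
# Second words that make a line a settings command rather than a connection.
NOT_A_HOST = {"source-ip", "source-interface", "server", "timeout"}
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # "[H3C]" or "<H3C>"
# Sample input: the first three lines are this page's examples, the fourth is constructed.
SAMPLE = """\
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
[H3C]sftp 192.168.0.65
[H3C] ssh2 source-ip 192.168.1.1
[H3C] ssh2 10.214.50.51 2222 prefer_ctos_cipher des
"""


def parse(line):
    """Return (command, host, port, prefs, explicit), or None if not a connect line."""
    tok = PROMPT.sub("", line).split()
    if len(tok) < 2 or tok[0] not in ("ssh2", "sftp") or tok[1] in NOT_A_HOST:
        return None
    cmd, host, rest = tok[0], tok[1], tok[2:]
    # The port is optional; 22 is the documented default.
    port = int(rest.pop(0)) if rest and rest[0].isdigit() else 22
    if len(rest) % 2:
        raise ValueError(f"keyword without a value: {rest[-1]}")
    prefs = {key: default for key, (default, _) in OPTIONS.items()}
    explicit = set()  # keywords the operator typed, as opposed to defaults
    for key, value in zip(rest[::2], rest[1::2]):
        if key not in OPTIONS or value not in OPTIONS[key][1]:
            raise ValueError(f"unknown option: {key} {value}")
        prefs[key] = value
        explicit.add(key)
    return cmd, host, port, prefs, explicit


def audit(text):
    """List (command, host, keyword, value, origin, reason) per weak preference."""
    findings = []
    for cmd, host, _port, prefs, explicit in filter(None, map(parse, text.splitlines())):
        findings += [(cmd, host, k, v, "explicit" if k in explicit else "default", WEAK[v])
                     for k, v in prefs.items() if v in WEAK]
    return findings
```

Calling audit(SAMPLE) reports the explicit md5 choice in the ssh2 example and also the dh_group1 default that applies whenever prefer_kex is omitted, as in the sftp example.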

1.4.19  sftp source-interface

Syntax

sftp source-interface interface-type interface-number

undo sftp source-interface

View

System view

Parameter

interface-type: Source interface type, which can be LoopBack or VLAN-interface.

interface-number: Source interface number.

Description

Use the sftp source-interface command to specify a source interface for the SFTP client. If the specified interface does not exist, the command fails.

Use the undo sftp source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SFTP server.

Example

# Specify source interface VLAN-interface2 for the SFTP client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp source-interface Vlan-interface 2

1.4.20  sftp source-ip

Syntax

sftp source-ip ip-address

undo sftp source-ip

View

System view

Parameter

ip-address: Source IP address.

Description

Use the sftp source-ip command to specify a source IP address for the SFTP client. If the specified IP address is not an address of the device, the command fails.

Use the undo sftp source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SFTP Server.

Example

# Specify source IP address 192.168.0.1 for the SFTP client.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] sftp source-ip 192.168.0.1
