- H3C S3100-52P Ethernet Switch Command Manual-Release 1500(V1.01)
Table of Contents
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.1 display rsa local-key-pair public
1.1.2 display rsa peer-public-key
1.1.4 display ssh user-information
1.1.5 display ssh-server source-ip
1.1.10 rsa local-key-pair create
1.1.11 rsa local-key-pair destroy
1.1.13 rsa peer-public-key import sshkey
1.1.14 ssh authentication-type default
1.1.15 ssh server authentication-retries
1.1.17 ssh user assign rsa-key
1.1.18 ssh user authentication-type
1.1.19 ssh-server source-interface
1.2 SSH Client Configuration Commands
1.2.7 ssh client assign rsa-key
1.2.8 ssh client first-time enable
1.3 SFTP Server Configuration Commands
1.4 SFTP Client Configuration Commands
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.1 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public key in the host key pair on the server. If no key pair has been generated, the system prompts “% RSA keys not found”.
Related command: rsa local-key-pair create.
Example
# Display the public key in the host key pair on the server.
<H3C> display rsa local-key-pair public
=====================================================
Time of Key pair created: 20:08:35 2000/04/02
Key name: H3C_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxg
Zu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q
0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key
1.1.2 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information about all client public keys.
keyname: Name of a client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the public key in the RSA key pair of a specific client. If no key name is specified, the command displays all client public keys.
Example
# Display all client public keys in brief.
<H3C> display rsa peer-public-key brief
Address Bits Name
---------------------------
1023 abcd
1024 hq
# Display the client public key named "abcd".
<H3C> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
1.1.3 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays SSH status information.
session: Displays SSH session information.
Description
Use the display ssh server command to display status or session information about the SSH Server.
Related command: ssh server authentication-retries, ssh server timeout.
Example
# Display status information about the SSH Server.
<H3C> display ssh server status
SSH version : 2.0
SSH connection timeout : 60 seconds
SSH Authentication retries : 2 times
SFTP Server: Disable
# Display session information about the SSH Server.
<H3C> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 AES started 0 stelnet kk
VTY 1 2.0 AES started 0 sFTP abc
Table 1-1 Description on the fields of the display ssh server session command
Field | Description |
---|---|
Conn | Number of VTY interface used for user login |
Ver | SSH version |
Encry | Encryption algorithm used by SSH |
State | Session status |
Retry | Number of connection retries |
SerType | Service type |
Username | User name |
1.1.4 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the current SSH users, including user name, authentication type, corresponding public key name and authorized service type. If the username argument is specified, the command displays information about the specified user.
Example
# Display information about the current SSH users.
<H3C> display ssh user-information
Username Authentication-type User-public-key-name Service-type
kk rsa test sftp
1.1.5 display ssh-server source-ip
Syntax
display ssh-server source-ip
View
Parameter
None
Description
Use the display ssh-server source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH server. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH Server.
<H3C> display ssh-server source-ip
The source IP you specified is 192.168.1.1
1.1.6 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] peer-public-key end
[H3C]
1.1.7 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH.
ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure specific user interface(s) to support specified protocol(s). The configuration will take effect at next user login.
By default, both SSH and Telnet are supported.
Caution:
- If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command.
- For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed; if you have executed the protocol inbound ssh command, neither of the authentication-mode password and authentication-mode none commands can be executed.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] protocol inbound ssh
1.1.8 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input a client public key.
When you input the key data, you can put spaces between the characters (the system removes the spaces automatically), and you can press <Enter> to continue your input on the next line. The key you input must be a hexadecimal digit string generated randomly by client software that supports SSH2.0.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input a client public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
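The key code printed by display rsa local-key-pair public and typed after public-key-code begin is a DER sequence of two integers (modulus, then public exponent). The following Python sketch is an added example, not part of the H3C manual: it parses that hex, reports the modulus size, and converts between the key code and the OpenSSH one-line form so that a key can be compared out of band before it is trusted. The function names and the MIN_BITS threshold are assumptions made for this example.

```python
import base64
import re
import struct

MIN_BITS = 2048  # assumed policy floor, not a value from the manual

# Key code printed by "display rsa local-key-pair public" in section 1.1.1.
HOST_KEY_CODE = """
3047 0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
0203 010001
"""

def _read_len(buf, i):
    """Read a DER length (short or long form) at buf[i]."""
    if i >= len(buf):
        raise ValueError("truncated key code")
    if buf[i] < 0x80:
        return buf[i], i + 1
    count = buf[i] & 0x7F
    if count == 0 or i + 1 + count > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[i + 1:i + 1 + count], "big"), i + 1 + count

def _read_int(buf, i):
    """Read a DER INTEGER as unsigned: the switch prints the modulus with
    no leading 00 even when its top bit is set (0240 DE99... above)."""
    if i >= len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER tag 02")
    size, i = _read_len(buf, i + 1)
    if size == 0 or i + size > len(buf):
        raise ValueError("truncated INTEGER")
    return int.from_bytes(buf[i:i + size], "big"), i + size

def parse_key_code(text):
    """Parse key code hex (spaces and line breaks allowed) into (n, e)."""
    compact = re.sub(r"\s+", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", compact):
        raise ValueError("key code must be an even-length hex string")
    buf = bytes.fromhex(compact)
    if buf[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 30")
    size, i = _read_len(buf, 1)
    if i + size != len(buf):
        raise ValueError("SEQUENCE length does not match the input")
    n, i = _read_int(buf, i)
    e, i = _read_int(buf, i)
    if i != len(buf):
        raise ValueError("trailing bytes after the exponent")
    return n, e

def _mpint(value):
    """SSH mpint: length-prefixed, with a 00 pad when the top bit is set."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def to_openssh(n, e, comment="rsa-key"):
    """Build the one-line OpenSSH form of an RSA public key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def from_openssh(line):
    """Parse 'ssh-rsa <base64> [comment]' into (n, e)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, parts, i = base64.b64decode(fields[1], validate=True), [], 0
    while i + 4 <= len(blob):
        (size,) = struct.unpack_from(">I", blob, i)
        parts.append(blob[i + 4:i + 4 + size])
        i += 4 + size
    if i != len(blob) or len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(parts[2], "big"), int.from_bytes(parts[1], "big")

def _der(tag, body):
    size = len(body)
    if size < 0x80:
        head = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def to_key_code(n, e, width=46):
    """Hex lines for public-key-code begin, INTEGERs unpadded as the
    switch displays them (assumption: it accepts what it prints)."""
    ints = b"".join(_der(0x02, v.to_bytes((v.bit_length() + 7) // 8, "big")) for v in (n, e))
    text = _der(0x30, ints).hex().upper()
    return [text[i:i + width] for i in range(0, len(text), width)]

def review(text):
    """Summarise a key code: modulus size, exponent, OpenSSH form."""
    n, e = parse_key_code(text)
    return {"bits": n.bit_length(), "exponent": e,
            "weak": n.bit_length() < MIN_BITS, "openssh": to_openssh(n, e)}
```

Running review(HOST_KEY_CODE) reproduces the OpenSSH line shown in the display rsa local-key-pair public output and reports a 512-bit modulus; the client key typed in the example above parses to a 1023-bit modulus, matching the Bits column of display rsa peer-public-key brief.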
1.1.9 public-key-code end
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing a public key, the system will check the validity of the public key before saving the key.
- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
- If the key is valid, it is saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key edit view and save the public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C]rsa peer-public-key kk
[H3C-rsa-public-key]public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.1.10 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to generate an RSA host key pair, which is named in the format of switch name plus "Host".
After you issue the command, the system prompts you to input a key length. In SSH2.0, the key length is in the range of 512 to 2048 (bits). If the RSA key pair already exists, the system will ask whether you want to replace the original key pair with a new one.
For a successful SSH login, you must first generate a local RSA key pair. You just need to execute the rsa local-key-pair create command once, and need not execute the command again after the system is rebooted.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Generate a local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The local-key-pair will be created.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
........................++++++
.......++++++
.................................++++++++
...++++++++
........Done!
1.1.11 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy the server's RSA key pair.
Related command: rsa local-key-pair create.
Example
# Destroy the server's RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% The local-key-pair will be destroyed.
% Confirm to destroy these keys? [Y/N]:y
.............Done!
1.1.12 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Name of a client public key, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
After using this command, you can use the public-key-code begin command to manually configure a client public key on the server. Before you can do this, you should first obtain the hexadecimal-format public key that is randomly generated on a client.
Related command: public-key-code begin, public-key-code end.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
1.1.13 rsa peer-public-key import sshkey
Syntax
rsa peer-public-key key-name import sshkey file-name
View
System view
Parameter
key-name: Name of the client public key to be configured, a string of 1 to 64 characters.
file-name: Name of a client public key file (which was uploaded beforehand from a client to the Flash memory of the server), a string of 1 to 142 characters.
Description
Use the rsa peer-public-key import sshkey command to transform a client public key file to the PKCS format and use the file to automatically configure a client public key.
This configuration releases you from manually inputting a client public key. You need only to upload the public key file of the RSA key pair on a client to the server through FTP/TFTP, and then use this command to transform the key file format and use the file to configure a client public key on the server.
Example
# Transform the format of client public key file abc and configure a public key named 123.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key 123 import sshkey abc
1.1.14 ssh authentication-type default
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }
undo ssh authentication-type default
View
System view
Parameter
password: Specifies the authentication type of SSH users to password authentication.
rsa: Specifies the authentication type of SSH users to RSA public key authentication.
password-publickey: Specifies the authentication type of SSH users to both password authentication and public key authentication, that is, both the password authentication and public key authentication must be passed.
all: Specifies the authentication type of SSH users to either password authentication or public key authentication, that is, one of the two types of authentication must be passed.
Description
Use the ssh authentication-type default command to specify a default authentication type for SSH users.
With this command configured, after you add a new SSH user by using the ssh user command, the default authentication type is adopted for the user unless you use the ssh user authentication-type command to separately specify an authentication type for the user.
Use the undo ssh authentication-type default command to remove the default authentication type.
After the undo command is executed, no default authentication type exists. When you add a new SSH user, you must specify an authentication type for it simultaneously.
There is no default authentication type unless you use the ssh authentication-type default command to specify it.
Related command: ssh user authentication-type.
Note:
If the default authentication type for SSH users is password and local AAA authentication is adopted, you need not use the ssh user command to create an SSH user. Instead, you should use the local-user command to create a user name and its password and then set the service type of the user to SSH.
Example
# Specify the default authentication type of SSH users to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
1.1.15 ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Authentication retry times, in the range of 1 to 5.
Description
Use the ssh server authentication-retries command to set the authentication retry times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default authentication retry times.
By default, the number of authentication retry times is 3.
The configuration here will take effect at next user login.
Related command: display ssh server.
Note:
If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch), because one is counted when a client sends the member module of its public key to the server.
Example
# Set the authentication retry times to four.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
1.1.16 ssh server timeout
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameter
seconds: Authentication timeout time, ranging from 1 to 120 (in seconds).
Description
Use the ssh server timeout command to set the authentication timeout time for SSH connections.
Use the undo ssh server timeout command to restore the default timeout time (that is, 60 seconds).
The configuration here will take effect at next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
1.1.17 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to assign a client public key to an SSH user. This configuration takes effect at the next login.
Use the undo ssh user assign rsa-key command to remove this assignment, so that no public key is associated with the user.
If the user has already been assigned a public key, the newly assigned public key overwrites the old one.
Related command: display ssh user-information.
Example
# Assign the client public key named "key1" to user kk.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk assign rsa-key key1
1.1.18 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.
password: Sets the authentication type to password authentication.
rsa: Sets the authentication type to RSA public key authentication.
password-publickey: Sets the authentication type to both password and RSA public key authentication. That is, the user can access the switch only when both the password authentication and the RSA public key authentication are passed.
all: Sets the authentication type to either password or RSA public key authentication. That is, the user can access the switch as long as one of the two authentications (password and RSA public key) is passed.
Description
Use the ssh user authentication-type command to set the available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default setting.
Note:
- This command only determines what kind of authentication is allowed for a user to log into the switch. It is the user who will determine (on the client) the actual authentication type.
- For password authentication, username should be consistent with a valid user name defined in AAA; for rsa authentication, username is the name of an SSH local user, and there is no need to configure a local user in AAA.
By default, no authentication type is set for new users, so they cannot access the switch.
For new users, you must specify the authentication type for them through the ssh user authentication-type command on the server. Otherwise, they cannot access the switch. A new authentication type configuration will take effect at the next login.
Related command: display ssh user-information.
Example
# Set the authentication type for user kk to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk authentication-type password
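Several constraints stated in this chapter interact: a user with no authentication type cannot log in, password-publickey needs at least two authentication retries, protocol inbound ssh needs authentication-mode scheme, and VTY interfaces accept Telnet unless restricted. The following Python sketch is an added example, not part of the H3C manual, that checks a saved configuration against those statements. The sample configuration is constructed for illustration, and its layout (indented sub-commands under user-interface, # as separator) is an assumption.

```python
import re

# Constructed sample configuration, using only commands described in this chapter.
SAMPLE = """\
#
ssh server authentication-retries 1
ssh user kk authentication-type password-publickey
ssh user kk assign rsa-key key1
ssh user abc authentication-type rsa
ssh user ops service-type sftp
ssh user hq authentication-type all
ssh user hq assign rsa-key hq
#
user-interface vty 0 2
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 3 4
 authentication-mode password
#
"""

USER_RE = re.compile(
    r"ssh user (\S+) (authentication-type|assign rsa-key|service-type) (\S+)")

def lint_ssh_config(text):
    """Return findings for the SSH-related lines of a configuration."""
    retries, default_type = 3, None      # defaults stated in the manual
    users, vtys, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():
            current = None               # a non-indented line ends the VTY block
        if line.startswith("user-interface vty "):
            current = {"name": line[len("user-interface "):],
                       "protocol": "all", "auth": None}
            vtys.append(current)
        elif current is not None and line.startswith("protocol inbound "):
            current["protocol"] = line.split()[2]
        elif current is not None and line.startswith("authentication-mode "):
            current["auth"] = line.split()[1]
        elif line.startswith("ssh server authentication-retries "):
            retries = int(line.split()[3])
        elif line.startswith("ssh authentication-type default "):
            default_type = line.split()[3]
        else:
            match = USER_RE.fullmatch(line)
            if match:
                users.setdefault(match.group(1), {})[match.group(2)] = match.group(3)

    findings = []
    for vty in vtys:
        if vty["protocol"] != "ssh":
            findings.append(f"{vty['name']}: Telnet accepted "
                            f"(protocol inbound {vty['protocol']})")
        elif vty["auth"] != "scheme":
            findings.append(f"{vty['name']}: protocol inbound ssh needs "
                            "authentication-mode scheme")
    for name, cfg in sorted(users.items()):
        auth = cfg.get("authentication-type", default_type)
        if auth is None:
            findings.append(f"user {name}: no authentication type, login is refused")
        if auth in ("rsa", "password-publickey") and "assign rsa-key" not in cfg:
            findings.append(f"user {name}: {auth} requires a key but no rsa-key is assigned")
        if auth == "password-publickey" and retries < 2:
            findings.append(f"user {name}: password-publickey needs "
                            f"authentication-retries >= 2, found {retries}")
        if auth == "all":
            findings.append(f"user {name}: type all lets either a password "
                            "or a key pass on its own")
    return findings

if __name__ == "__main__":
    for finding in lint_ssh_config(SAMPLE):
        print(finding)
```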
1.1.19 ssh-server source-interface
Syntax
ssh-server source-interface interface-type interface-number
undo ssh-server source-interface
View
Parameter
interface-type: Source interface type, which can be LoopBack or VLAN-interface.
interface-number: Source interface number.
Description
Use the ssh-server source-interface command to specify a source interface for the SSH server. If the specified interface does not exist, the command fails.
Use the undo ssh-server source-interface command to cancel the source interface setting. Then, a local device address determined by the system can be used by SSH users to access the server.
Example
# Specify VLAN-interface2 as the source interface of the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-interface Vlan-interface 2
1.1.20 ssh-server source-ip
Syntax
ssh-server source-ip ip-address
undo ssh-server source-ip
View
System view
Parameter
ip-address: IP address to be set as the source IP address.
Description
Use the ssh-server source-ip command to specify a source IP address for the SSH server. If the specified IP address is not an IP address of the device, the command fails.
Use the undo ssh-server source-ip command to cancel the source IP address setting. Then, a local device address determined by the system can be used by users to access the switch.
Example
# Specify source IP address 192.168.0.1 for the SSH server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh-server source-ip 192.168.0.1
1.2 SSH Client Configuration Commands
1.2.1 display ssh2 source-ip
Syntax
display ssh2 source-ip
View
Parameter
None
Description
Use the display ssh2 source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH2 client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH2 Client.
<H3C> display ssh2 source-ip
The source IP you specified is 192.168.0.1
1.2.2 display ssh server-info
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.
Example
# Display the association between the server public keys and the servers.
[H3C] display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
1.2.3 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input a public key of a server.
When you input the key data, you can put spaces between the characters (the system removes the spaces automatically), and you can press <Enter> to continue your input on the next line. The key you input must be a hexadecimal digit string generated randomly by using the rsa local-key-pair create command on an SSH server.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input a public key of a server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.2.4 public-key-code end
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
After you use this command to end editing the public key, the system will check the validity of the public key before saving the key.
- If there is any illegal character in the key, your configuration fails. In this case, a prompt is displayed and the key is discarded.
- If the key is valid, it is saved in the local public key list.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit public key edit view and save the public key you input.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.2.5 quit
Syntax
quit
View
User view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SSH server.
Example
# Terminate the connection to the remote SSH server.
<H3C> quit
1.2.6 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.
After using this command, you can use the public-key-code begin command to configure a server's public key (generated randomly by using the rsa local-key-pair create command on a server) on the client.
Related command: public-key-code begin, public-key-code end, rsa local-key-pair create.
Example
# Enter H3C002 public key view.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
1.2.7 ssh client assign rsa-key
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client server-ip assign rsa-key
View
System view
Parameter
server-ip: Server IP address.
server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to assign a public key to an SSH server on the client, so that the client can regard the server as a reliable server when it connects to the server.
Use the undo ssh client assign rsa-key command to cancel the assignment.
Example
# Configure the public key named "abc" for server 192.168.0.1 on the client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key abc
1.2.8 ssh client first-time enable
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable command to enable the client to run initial authentication for the SSH server it accesses for the first time.
Use the undo ssh client first-time command to disable the client from running initial authentication.
Note:
If an SSH client is enabled to run initial authentication, then when it accesses an SSH server for the first time and does not have the public key of the server, the client allows you to choose to continue the access and save the public key of the server to the local device. The next time the client accesses the server, it authenticates the server against the public key saved locally.
When an SSH client is disabled from running initial authentication, the SSH client cannot access an SSH server if it does not have the public key of the server. In this case, you need first to save the public key of the target server to the client in another way.
By default, the client is enabled to run initial authentication.
Example
# Enable the client to run initial authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
1.2.9 ssh2
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameter
host-ip: Server IP address.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
prefer_kex: Specifies the preferred key exchange algorithm. You can select one from the following two algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm, which is AES128 by default.
prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm, which is AES128 by default.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default.
prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1-96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Note:
- DES (data encryption standard) is a standard data encryption algorithm.
- AES (advanced encryption standard) is an advanced encryption standard algorithm.
Description
Use the ssh2 command to start the SSH client to establish a connection with an SSH server, and at the same time specify the preferred key exchange algorithm, encryption algorithms and HMAC algorithms between the server and client.
Example
# Log into SSH2.0 server 10.214.50.51 with:
- dh_exchange_group as the preferred key exchange algorithm,
- aes128 as the preferred server-to-client encryption algorithm,
- md5 as the preferred client-to-server HMAC algorithm, and
- sha1_96 as the preferred server-to-client HMAC algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
1.2.10 ssh2 source-interface
Syntax
ssh2 source-interface interface-type interface-number
undo ssh2 source-interface
View
Parameter
interface-type: Source interface type, which can be LoopBack or VLAN-interface.
interface-number: Source interface number.
Description
Use the ssh2 source-interface command to specify a source interface for the SSH2 client. If the specified interface does not exist, the command fails.
Use the undo ssh2 source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SSH2 server.
Example
# Specify source interface VLAN-interface1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-interface Vlan-interface 1
1.2.11 ssh2 source-ip
Syntax
ssh2 source-ip ip-address
undo ssh2 source-ip
View
System view
Parameter
ip-address: Source IP address.
Description
Use the ssh2 source-ip command to specify a source IP address for the SSH2 client. If the specified IP address is not an address of the device, the command fails.
Use the undo ssh2 source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SSH2 server.
Example
# Specify source IP address 192.168.1.1 for the SSH2 client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 source-ip 192.168.1.1
1.3 SFTP Server Configuration Commands
1.3.1 sftp server enable
Syntax
sftp server enable
undo sftp server
View
System view
Parameter
None
Description
Use the sftp server enable command to enable secure FTP (SFTP) Server.
Use the undo sftp server command to disable SFTP Server.
By default, SFTP Server is disabled.
Example
# Enable SFTP Server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp server enable
1.3.2 ssh user service-type
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
View
System view
Parameter
username: SSH user name, a string of 1 to 80 characters.
stelnet: Specifies that the user can access the secure Telnet service.
sftp: Specifies that the user can access the SFTP service.
all: Specifies that the user can access both services (secure Telnet and SFTP).
Description
Use the ssh user service-type command to configure the service type for a user so that the user can access the specified service(s).
Use the undo ssh user service-type command to restore the default service type.
The default service type for an SSH user is stelnet.
Related command: display ssh user-information.
Example
# Specify that user kk can access SFTP service.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user kk service-type sftp
1.3.3 sftp timeout
Syntax
sftp timeout time-out-value
undo sftp timeout
View
System view
Parameter
time-out-value: Timeout time, in the range of 1 to 35,791 (minutes).
Description
Use the sftp timeout command to set the idle timeout time for SFTP connections.
Use the undo sftp timeout command to restore the default idle timeout time (that is, 10 minutes).
After this setting, the system will automatically release an SFTP connection when the SFTP connection is idle for a time longer than the time threshold you set.
Example
# Set the idle timeout time for SFTP connections to 500 minutes.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp timeout 500
1.4 SFTP Client Configuration Commands
1.4.1 bye
Syntax
bye
View
SFTP client view
Parameter
None
Description
Use the bye command to terminate the connection to a remote SFTP server and return to system view.
This command has the same function as the exit and quit commands.
Example
# Terminate the connection to the remote SFTP server.
Bye
[H3C]
1.4.2 cd
Syntax
cd [ remote-path ]
View
SFTP client view
Parameter
remote-path: Name of a path on the remote SFTP server.
Description
Use the cd command to change the current path on the remote SFTP server. If the remote-path argument is not specified, the current path is displayed.
Note:
You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is, flash:/).
Example
# Change current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
1.4.3 cdup
Syntax
cdup
View
SFTP client view
Parameter
None
Description
Use the cdup command to return to the upper directory of the current path on the remote SFTP server.
Example
# Return to the upper directory.
sftp-client> cdup
Current Directory is:
flash:/
1.4.4 delete
Syntax
delete remote-file
View
SFTP client view
Parameter
remote-file: Name of a file on the remote SFTP server.
Description
Use the delete command to delete the specified file from the remote SFTP server.
This command has the same function as the remove command.
Example
# Delete file test.txt from the remote SFTP server.
sftp-client> delete test.txt
The followed File will be deleted:
flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
1.4.5 dir
Syntax
dir [ remote-path ]
View
SFTP client view
Parameter
remote-path: Path name of the intended directory.
Description
Use the dir command to display the specified directory on the remote SFTP server.
If the remote-path argument is not specified, the files in the current directory are displayed.
This command has the same function as the ls command.
Example
# Display the files in directory flash:/.
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.4.6 display sftp source-ip
Syntax
display sftp source-ip
View
Parameter
None
Description
Use the display sftp source-ip command to display the current source IP address or the IP address of the source interface specified for the SFTP client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SFTP client.
<H3C> display sftp source-ip
The source IP you specified is 192.168.1.1
1.4.7 exit
Syntax
exit
View
SFTP client view
Parameter
None
Description
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
Example
# Terminate the connection to the remote SFTP server.
sftp-client> exit
Bye
[H3C]
1.4.8 get
Syntax
get remote-file [ local-file ]
View
SFTP client view
Parameter
remote-file: Name of a file on the remote SFTP server.
local-file: Name of the file to which the remote file will be saved.
Description
Use the get command to download and save a file from the remote server to the client.
If no local file name is specified, the remote file will be saved to the client with its original name.
Example
# Download file tt.bak and save it with name tt.txt.
sftp-client>get tt.bak tt.txt....
Remote file:flash:/tt.bak ---> Local file: tt.txt..
Downloading file successfully ended
1.4.9 help
Syntax
help [ command ]
View
SFTP client view
Parameter
command: Name of a command.
Description
Use the help command to get help information about one or all SFTP client commands.
If the command argument is not specified, the help information about all SFTP client commands is displayed.
Example
# Display help information about the get command.
get remote-path [local-path] Download file.Default local-path is the same
with remote-path
1.4.10 ls
Syntax
ls [ remote-path ]
View
SFTP client view
Parameter
remote-path: Name of the intended directory.
Description
Use the ls command to display the files in the specified directory on the remote SFTP server.
If the remote-path argument is not specified, the files in the current directory are displayed.
This command has the same function as the dir command.
Example
# Display the files in directory flash:/.
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.4.11 mkdir
Syntax
mkdir remote-path
View
SFTP client view
Parameter
remote-path: Name of a directory on the remote SFTP server.
Description
Use the mkdir command to create a directory on the remote SFTP server.
Example
# Create directory hj on the remote SFTP server.
sftp-client> mkdir hj
New directory created
1.4.12 put
Syntax
put local-file [ remote-file ]
View
SFTP client view
Parameter
local-file: Name of a file on the client.
remote-file: Name of the file to which the local file will be saved on the remote SFTP server.
Description
Use the put command to upload a local file to the remote SFTP server.
If no remote file name is specified, the local file will be saved to the remote SFTP server with its original name.
Example
# Upload local file config.cfg to the remote SFTP server and save it with the name 1.txt.
sftp-client>put config.cfg 1.txt
Local file:config.cfg ---> Remote file: flash:/1.txt
Uploading file successfully ended
1.4.13 pwd
Syntax
pwd
View
SFTP client view
Parameter
None
Description
Use the pwd command to display the current directory on the remote SFTP server.
Example
# Display the current directory on the remote SFTP server.
sftp-client> pwd
flash:/
1.4.14 quit
Syntax
quit
View
SFTP client view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and exit commands.
Example
# Terminate the connection to the remote SFTP server.
sftp-client> quit
Bye
[H3C]
1.4.15 remove
Syntax
remove remote-file
View
SFTP client view
Parameter
remote-file: Name of a file on the remote SFTP server.
Description
Use the remove command to delete a specified file from the remote SFTP server.
This command has the same function as the delete command.
Example
# Delete file temp.c from the remote SFTP server.
sftp-client> remove temp.c
The followed File will be deleted:
flash:/test2.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
1.4.16 rename
Syntax
rename oldname newname
View
SFTP client view
Parameter
oldname: Original file name.
newname: New file name.
Description
Use the rename command to change the name of a specified file on the remote SFTP server.
Example
# Change the name of file temp.bat on the remote SFTP server to temp.txt.
sftp-client> rename temp.bat temp.txt
File successfully renamed
1.4.17 rmdir
Syntax
rmdir remote-path
View
SFTP client view
Parameter
remote-path: Name of a directory on the remote SFTP server.
Description
Use the rmdir command to delete a specified directory from the remote SFTP server.
Example
# Delete directory hello from the remote SFTP server.
sftp-client> rmdir hello
The followed directory will be deleted
flash:/hello
Are you sure to remove it?(Y/N):y
Directory successfully removed
1.4.18 sftp
Syntax
sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameter
host-ip: IP address of an SFTP server.
host-name: Name of an SFTP server, a string of 1 to 20 characters.
port-num: Port number of the SFTP server, in the range 0 to 65,535. The default port number is 22.
prefer_kex: Specifies the preferred key exchange algorithm. You can choose one from the following two algorithms.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key exchange algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Specifies the preferred client-to-server encryption algorithm. It defaults to AES128.
prefer_stoc_cipher: Specifies the preferred server-to-client encryption algorithm. It defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: Specifies the preferred client-to-server HMAC algorithm. It defaults to SHA1_96.
prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm. It defaults to SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1-96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Description
Use the sftp command to establish a connection to a remote SFTP server and enter SFTP client view.
Example
# Establish a connection to SFTP server 192.168.0.65 with default encryption algorithms.
[H3C]sftp 192.168.0.65
Input Username: kk
Trying 192.168.0.65 ...
Press CTRL+K to abort
Connected to 192.168.0.65 ...
The Server is not authenticated. Do you continue access it?(Y/N):y
Do you want to save the server's public key?(Y/N):y
Enter password:
sftp-client>
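The following is an added example, not part of the H3C manual: a Python check that resolves which algorithms an ssh2 or sftp client command line actually prefers, filling in the defaults from the parameter list above, and reports the weak ones. The WEAK policy table and the function names are assumptions of this example, as is applying the sftp defaults to ssh2.

```python
import re

# Allowed values and defaults as listed in the sftp parameter list on this page;
# applying the same defaults to ssh2 is an assumption.
OPTIONS = {
    "prefer_kex": ({"dh_group1", "dh_exchange_group"}, "dh_group1"),
    "prefer_ctos_cipher": ({"des", "aes128"}, "aes128"),
    "prefer_stoc_cipher": ({"des", "aes128"}, "aes128"),
    "prefer_ctos_hmac": ({"sha1", "sha1_96", "md5", "md5_96"}, "sha1_96"),
    "prefer_stoc_hmac": ({"sha1", "sha1_96", "md5", "md5_96"}, "sha1_96"),
}
# Reviewer policy (an assumption of this example, not a statement from the manual).
WEAK = {
    "dh_group1": "fixed 1024-bit DH group",
    "des": "56-bit DES key",
    "md5": "MD5-based HMAC",
    "md5_96": "MD5-based HMAC",
}
# Sub-commands that configure the client or server instead of opening a session.
CONFIG_WORDS = {"source-ip", "source-interface", "server", "timeout"}


def effective_algorithms(line):
    """Return {option: (value, is_default)} for an ssh2/sftp connect command, else None."""
    tokens = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", line).split()  # drop the CLI prompt
    if len(tokens) < 2 or tokens[0] not in ("ssh2", "sftp") or tokens[1] in CONFIG_WORDS:
        return None
    rest = tokens[2:]
    if rest and rest[0].isdigit():  # optional port-num
        rest = rest[1:]
    if len(rest) % 2:
        raise ValueError("option without a value: " + rest[-1])
    algs = {name: (default, True) for name, (_, default) in OPTIONS.items()}
    for name, value in zip(rest[0::2], rest[1::2]):
        if name not in OPTIONS or value not in OPTIONS[name][0]:
            raise ValueError(f"unknown option or value: {name} {value}")
        algs[name] = (value, False)
    return algs


def audit(line):
    """List (option, value, reason, is_default) for every weak effective algorithm."""
    algs = effective_algorithms(line) or {}
    return [(name, value, WEAK[value], is_default)
            for name, (value, is_default) in algs.items() if value in WEAK]


if __name__ == "__main__":
    for cmd in ("[H3C]sftp 192.168.0.65",  # both commands are the page's own examples
                "[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group "
                "prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96"):
        print(cmd, "->", audit(cmd))
```

A finding with is_default set to True means the command line is silent on that option, so the fix is to add an explicit preference rather than to change one.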
1.4.19 sftp source-interface
Syntax
sftp source-interface interface-type interface-number
undo sftp source-interface
View
System view
Parameter
interface-type: Source interface type, which can be LoopBack or VLAN-interface.
interface-number: Source interface number.
Description
Use the sftp source-interface command to specify a source interface for the SFTP client. If the specified interface does not exist, the command fails.
Use the undo sftp source-interface command to cancel the source interface setting. Then, a local device address determined by the system is used to access an SFTP server.
Example
# Specify source interface VLAN-interface2 for the SFTP client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp source-interface Vlan-interface 2
1.4.20 sftp source-ip
Syntax
sftp source-ip ip-address
undo sftp source-ip
View
System view
Parameter
ip-address: Source IP address.
Description
Use the sftp source-ip command to specify a source IP address for the SFTP client. If the specified IP address is not an address of the device, the command fails.
Use the undo sftp source-ip command to cancel the source IP address setting. Then, a local device address determined by the system is used to access an SFTP Server.
Example
# Specify source IP address 192.168.0.1 for the SFTP client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp source-ip 192.168.0.1