- H3C S5500-SI Series Ethernet Switches Command Manual-Release 1205-(V1.03)
Chapter 1 SSH Terminal Service Commands
1.1 SSH Terminal Service Commands
1.1.1 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public keys of the host key pair and server key pair on the server.
Related command: rsa local-key-pair create.
Example
# Display the public keys of the host key pair and server key pair on the server.
<Sysname> display rsa local-key-pair public
=====================================================
Time of Key pair created: 05:25:36 2000/05/03
Key name: Sysname_Host
Key type: RSA encryption Key
=====================================================
Key code:
3061
025A
3016541E D29B33C6 777CDA8B 213FB164 A773DCF8
E48F525E CBDC02BD 334123B4 FCE92510 3F104B32
913A3038 58BDCFF1 F16FC1CE 8D5270A5 CAEBE612
EDFF51F5 DA16FDDA 3C4C5CFA AD7C7634 14116B8E
2F6FFA27 8028871D CD1B
0203
010001
=====================================================
Time of Key pair created: 05:25:45 2000/05/03
Key name: Sysname_Server
Key type: RSA encryption Key
=====================================================
Key code:
3077
0270
C4DE4225 CC7B2693 C16E88C6 451D2FA3 EA0BA58D
40EEC535 8A794BEE 3F30023A B7FFCEC1 545127F2
1A275AE1 85CF2597 9C006B4A BC5374F2 D45D2249
9987D245 2058F26D D8F8F121 C2276F9D 3B29DEBB
98EB82C9 E0071704 A2916D5D 21D0CEB6 605E8FF0
9C6DD960 3BFFA98E 2E117CCD
0203
010001
Table 1-1 Description on fields of the display rsa local-key-pair public command
Field | Description |
---|---|
Time of Key pair created | Time when the key pair is created |
Key name | Name of a key |
Key type | Type of a key |
RSA encryption Key | RSA encryption key |
Key code | Code of a key |
1.1.2 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays the brief information about all peer public keys.
name keyname: Specifies the key name (a string of up to 64 characters) to be displayed.
Description
Use the display rsa peer-public-key command to display the peer RSA public keys. If no keyname is specified, all peer public keys are displayed.
Related command: rsa local-key-pair create.
Example
# Display all peer public keys.
<Sysname> display rsa peer-public-key
=====================================
Key name: aa
Key address:
=====================================
Key Code:
308186
028180
6B494EC4 EBD23DEE 1375C2B5 AB892F69 F2529D09 5B559E26 26011A1F C58AA5E3
60258B01 26494D0E 7221BB98 1C844CCD 8F0F8AEA 4AA1CD5B 9C3C5EF5 3093319F
6F3AEA80 351E5E8D 29F1511C D4AC08B4 3FDF5B7B E30A4E47 6FF75B9A 63BE5E94
E9C344B7 F0EC9D53 AE54E0A3 0567184A 2E80BEC3 89A2DAFA 83C18591 5B29EAA1
0201
25
Table 1-2 Description on fields of the display rsa peer-public-key command
Field | Description |
---|---|
Key name | Name of a key |
Key address | Address of a key |
Key code | Code of a key |
# Display brief information about all peer public keys.
<Sysname> display rsa peer-public-key brief
Address Bits Name
---------------------------
1023 aaa
Table 1-3 Description on fields of the display rsa peer-public-key brief command
Field | Description |
---|---|
Address | Remote address |
Bits | Bits of a key |
Name | Name of a key |
1.1.3 display sftp client source
Syntax
display sftp client source
View
Any view
Parameter
None
Description
Use the display sftp client source command to display the source IP address or source interface currently set for the SFTP client.
If no source IP address or source interface is specified for the SFTP client, “You don't specify the source” will be displayed.
Related command: sftp client source.
Example
# Display the source IP address of the SFTP client.
<Sysname> display sftp client source
The source IP address you specified is 192.168.0.1
1.1.4 display ssh client source
Syntax
display ssh client source
View
Any view
Parameter
None
Description
Use the display ssh client source command to display the source IP address or source interface currently set for the SSH client.
If no source IP address or source interface is specified for the SSH client, “You don't specify the source” will be displayed.
Related command: ssh client source.
Example
# Display the source IP address of the SSH client.
<Sysname> display ssh client source
The source IP address you specified is 192.168.0.1
1.1.5 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays the status information of the SSH server.
session: Displays the session information of the SSH server.
Description
Use the display ssh server command to display the status information or session information of the SSH server.
Related command: ssh server authentication-retries, ssh server rekey-interval, ssh server authentication-timeout, ssh server enable and ssh server compatible-ssh1x enable.
Example
# Display the status information of the SSH server.
<Sysname> display ssh server status
SSH Server: Disable
SSH version : 1.99
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH Authentication retries : 3 time(s)
SFTP Server: Disable
SFTP Server Idle-Timeout: 10 minute(s)
Table 1-4 Description on fields of the display ssh server status command
Field | Description |
---|---|
SSH Server | Status of the SSH server function |
SSH version | SSH protocol version |
SSH authentication-timeout | SSH connection timeout time |
SSH server key generating interval | SSH server key update period |
SSH Authentication retries | Number of SSH authentication attempts |
SFTP Server | Status of the SFTP server function |
SFTP Server Idle-Timeout | SFTP connection idle timeout time |
# Display the session information of the SSH server.
<Sysname> display ssh server session
Conn Ver Encry State Retry SerType Username
Table 1-5 Description on fields of the display ssh server session command
Field | Description |
---|---|
Conn | Connected VTY channel |
Ver | Protocol version |
Encry | Encryption algorithm |
State | Session state |
Retry | Number of attempts |
SerType | Service type |
Username | Name of a user |
1.1.6 display ssh server-info
Syntax
display ssh server-info
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the mappings between the server host public keys saved on the client (including those saved in first authentication mode) and the corresponding servers.
Example
# Display the mapping between the host public key and the SSH server saved on the client.
<Sysname> display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
Table 1-6 Descriptions on fields of the display ssh server-info command
Field | Description |
---|---|
Server Name(IP) | Name of the server |
Server public key name | Name of the host public key on the server |
1.1.7 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH username, a string of up to 80 characters.
Description
Use the display ssh user-information command to display the information of the SSH user, including username, key name, and authentication mode.
If no username is specified, the information of all users is displayed.
Related command: ssh user assign rsa-key, ssh user authentication-type, ssh user service-type.
Example
# Display the information of users.
<Sysname> display ssh user-information
Username Authentication-type User-public-key-name Service-type
yemx password putty stelnet|sftp
test rsa null sftp
Table 1-7 Description on fields of the display ssh user-information command
Field | Description |
---|---|
Username | Name of a user |
Authentication-type | Authentication type |
User-public-key-name | Name of a user public key |
Service-type | Service type |
1.1.8 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return from public key view to system view.
Related command: rsa peer-public-key.
Example
# Exit public key view.
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] peer-public-key end
[Sysname]
1.1.9 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both protocols, Telnet and SSH.
ssh: Supports SSH only.
telnet: Supports Telnet only.
Description
Use the protocol inbound command to enable the current user interface to support Telnet, SSH, or both.
By default, a user interface supports both protocols: Telnet and SSH.
The configuration of this command takes effect at next login.
If you configure the current user interface to support SSH, be sure to configure the authentication-mode scheme command.
Example
# Enable VTYs 0 to 4 to support SSH only.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
1.1.10 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter RSA key code view.
After entering public key code view, you can input the key data. It must be a hexadecimal string that is generated randomly by the SSH-supported client software and encoded in compliance with PKCS. Spaces and carriage returns are allowed between characters.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key code view to input the key.
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] public-key-code begin
[Sysname-rsa-key-code]30818602 818078C4 32AD7864 BB0137AA 516284BB 3F55F0E3
[Sysname-rsa-key-code]F6DD9FC2 4A570215 68D2B3F7 5188A1C3 2B2D40BE D47A08FA
[Sysname-rsa-key-code]CF41AF4E 8CCC2ED0 C5F9D1C5 22FC0625 BA54BCB3 D1CBB500
[Sysname-rsa-key-code]A177E917 642BE3B5 C683B0EB 1EC041F0 08EF60B7 8B6ED628
[Sysname-rsa-key-code]9830ED46 0BA21FDB F55E7C81 5D1A2045 54BFC853 5358E5CF
[Sysname-rsa-key-code]7D7DDF25 03C44C00 E2F49539 5C4B0201 25
1.1.11 public-key-code end
Syntax
public-key-code end
View
RSA key code view
Parameter
None
Description
Use the public-key-code end command to return from public key code view to public key view and to save the configured public key.
The system verifies the key before saving it. If the key contains illegal characters, the system displays the error message and discards the key.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit RSA key code view
<Sysname> system-view
[Sysname] rsa peer-public-key Sysname003
[Sysname-rsa-public-key] public-key-code begin
[Sysname-rsa-key-code] public-key-code end
[Sysname-rsa-public-key]
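The key code accepted in public key code view is a hexadecimal DER encoding of an RSA public key (a SEQUENCE holding the modulus and the public exponent), so it can be checked offline before it is pasted into the device. The following is an added example, not part of the H3C manual: the function names and the 2048-bit minimum are assumptions, and the two key codes are copied from the display examples in sections 1.1.1 and 1.1.2.

```python
import string

# Key codes copied from the manual's display examples (host key and peer key "aa").
HOST_KEY_CODE = """
3061
025A
3016541E D29B33C6 777CDA8B 213FB164 A773DCF8
E48F525E CBDC02BD 334123B4 FCE92510 3F104B32
913A3038 58BDCFF1 F16FC1CE 8D5270A5 CAEBE612
EDFF51F5 DA16FDDA 3C4C5CFA AD7C7634 14116B8E
2F6FFA27 8028871D CD1B
0203
010001
"""
PEER_KEY_CODE = """
308186
028180
6B494EC4 EBD23DEE 1375C2B5 AB892F69 F2529D09 5B559E26 26011A1F C58AA5E3
60258B01 26494D0E 7221BB98 1C844CCD 8F0F8AEA 4AA1CD5B 9C3C5EF5 3093319F
6F3AEA80 351E5E8D 29F1511C D4AC08B4 3FDF5B7B E30A4E47 6FF75B9A 63BE5E94
E9C344B7 F0EC9D53 AE54E0A3 0567184A 2E80BEC3 89A2DAFA 83C18591 5B29EAA1
0201
25
"""


def _read_tlv(buf, pos, expected_tag):
    """Read one DER tag-length-value item and return (value, next_offset)."""
    if pos >= len(buf) or buf[pos] != expected_tag:
        raise ValueError(f"expected tag 0x{expected_tag:02X} at offset {pos}")
    pos += 1
    if pos >= len(buf):
        raise ValueError("truncated length field")
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form: one length byte
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past the end of the key code")
    return buf[pos:end], end


def parse_key_code(text):
    """Return (modulus_bits, public_exponent) for a key code as shown by the switch."""
    hex_str = "".join(text.split())        # spaces and line breaks are allowed
    if not hex_str or len(hex_str) % 2 or any(c not in string.hexdigits for c in hex_str):
        raise ValueError("key code must be an even number of hexadecimal digits")
    der = bytes.fromhex(hex_str)
    body, end = _read_tlv(der, 0, 0x30)    # outer SEQUENCE
    if end != len(der):
        raise ValueError("trailing data after the SEQUENCE")
    modulus, pos = _read_tlv(body, 0, 0x02)
    exponent, pos = _read_tlv(body, pos, 0x02)
    if pos != len(body):
        raise ValueError("unexpected extra fields in the SEQUENCE")
    # The manual's samples carry no leading zero byte, so read both as unsigned.
    return (int.from_bytes(modulus, "big").bit_length(),
            int.from_bytes(exponent, "big"))


def audit_key_code(text, min_bits=2048):
    """Return findings for a key code; min_bits is an assumed local policy value."""
    bits, exponent = parse_key_code(text)
    findings = []
    if bits < min_bits:
        findings.append(f"modulus is {bits} bits, below the {min_bits}-bit minimum")
    if exponent < 3 or exponent % 2 == 0:
        findings.append(f"public exponent {exponent} is not an odd value of at least 3")
    return findings


if __name__ == "__main__":
    for name, code in (("host", HOST_KEY_CODE), ("peer aa", PEER_KEY_CODE)):
        print(name, parse_key_code(code), audit_key_code(code))
```

The bit length computed for the peer key agrees with the 1023 shown in the Bits column of the display rsa peer-public-key brief example.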
1.1.12 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to create the RSA host key pair and server key pair.
Note that:
- After entering this command, you will be prompted to provide the length of the key pair. The length of a server/host key must be in the range 512 to 2048 bits. If the key pair already exists, the system will ask you whether you want to overwrite it.
- The configuration of this command can survive a reboot. You only need to configure it once.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Create the host key pairs and server key pairs.
<Sysname> system-view
[Sysname] rsa local-key-pair create
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.++++++++++++
...........++++++++++++
..........++++++++
.++++++++
......Done!
1.1.13 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy the RSA host key pair and server key pair.
After entering this command, you will be asked whether you really want to destroy the RSA host key pair and server key pair.
Related command: rsa local-key-pair create.
Example
# Destroy all server-side keys.
<Sysname> system-view
[Sysname] rsa local-key-pair destroy
The local-key-pair will be destroyed..
Confirm to destroy these keys? [Y/N]:y
............Done!
1.1.14 rsa local-key-pair export
Syntax
rsa local-key-pair export { ssh1 | ssh2 | openssh } [ filename ]
View
Any view
Parameter
ssh1: Uses the type of SSH1.
ssh2: Uses the type of SSH2.
openssh: Uses the type of OpenSSH.
filename: Name of the file for the exported RSA host public key, a string of 1 to 135 characters when fully qualified or a string of 1 to 91 characters when consisting of only the filename. When fully qualified, the filename part cannot exceed 91 characters.
Description
Use the rsa local-key-pair export command to display the RSA host public key on the screen or export it to a specified file.
If you do not specify the filename argument, the command displays the RSA host public key; otherwise, the command exports the RSA host public key to the specified file and saves the file.
SSH1, SSH2 and OpenSSH are three different public key file formats for different requirements.
Related command: rsa local-key-pair create, rsa local-key-pair destroy.
Example
# Export the RSA host public key in OpenSSH format.
<Sysname> rsa local-key-pair export OpenSSH myOpenSSH
....
The file of public key is successfully generated.
# Display the RSA host public key in SSH2 format.
<Sysname> rsa local-key-pair export SSH2
Host public key for SSH2 format code:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20000426"
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDk9tGNoY5GFjSQMArjM5KI6pWi04gii8U9
otfCPjNSPO2znZLQXkiRq+26xhlKynpJ5VLBlzJGILEC9RMS08TV
---- END SSH2 PUBLIC KEY ----
# Display the RSA host public key in OpenSSH format.
<Sysname> rsa local-key-pair export OpenSSH
Public key code for pasting into OpenSSH authorized_keys file :
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDk9tGNoY5GFjSQMArjM5KI6pWi04gii8U9otfCPjNS
PO2znZLQXkiRq+26xhlKynpJ5VLBlzJGILEC9RMS08TV rsa-key-20000426
1.1.15 rsa peer-public-key
Syntax
rsa peer-public-key keyname [ import sshkey filename ]
undo rsa peer-public-key keyname
View
System view
Parameter
keyname: Name of the public key, a string of 1 to 64 characters.
filename: Name of the public key file, a string of 1 to 136 characters.
Description
Use the rsa peer-public-key command to enter public key view.
Use the rsa peer-public-key import sshkey command to import a public key from a public key file and name the public key.
Use the undo rsa peer-public-key command to delete a public key for SSH users.
Note that:
- After entering public key view, you can use the public-key-code begin and public-key-code end commands to configure and save the public key. The public key is generated randomly by the SSH2.0 client software.
- When you import a public key, the system automatically converts the public key in SSH1, SSH2, or OpenSSH format to a string coded using the PKCS standard. Before importing the public key, you must upload the public key file to the server through FTP or TFTP.
Related command: public-key-code begin, public-key-code end.
Example
# Enter public key view for public key abc123.
<Sysname> system-view
[Sysname] rsa peer-public-key abc123
[Sysname-rsa-public-key]
# Import the public key in public key file pub2 and name the key abc456.
<Sysname> system-view
[Sysname] rsa peer-public-key abc456 import sshkey pub2
1.1.16 sftp
Syntax
sftp { host-ip | host-name } [ port-number ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]*
View
System view
Parameter
host-ip: IPv4 address of the server.
host-name: Name of the server, a string of 1 to 20 characters.
port-number: Port number of the server, in the range 0 to 65535. The default is 22.
prefer_ctos_cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
- aes128: Encryption algorithm aes128_cbc.
- des: Encryption algorithm des_cbc.
prefer_ctos_hmac: Preferred HMAC algorithm from client to server, defaulted to sha1.
- md5: HMAC algorithm hmac-md5.
- md5_96: HMAC algorithm hmac-md5-96.
- sha1: HMAC algorithm hmac-sha1.
- sha1_96: HMAC algorithm hmac-sha1-96.
prefer_kex: Preferred key exchange algorithm, defaulted to dh_group1.
- dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
- dh_group1: Key exchange algorithm diffie-hellman-group1-sha1.
prefer_stoc_cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
prefer_stoc_hmac: Preferred HMAC algorithm from server to client, defaulted to sha1.
Description
Use the sftp command to establish a connection to a remote IPv4 SFTP server and enter SFTP client view.
Example
# Connect to SFTP server 10.1.1.2 using the default algorithms.
<Sysname> system-view
[Sysname] sftp 10.1.1.2
Input Username:
1.1.17 sftp client ipv6 source
Syntax
sftp client ipv6 source { ipv6 ipv6-address | interface interface-type interface-number }
undo sftp client ipv6 source
View
System view
Parameter
ipv6-address: Source IPv6 address to be specified.
interface-type interface-number: Type and number of the source interface to be specified.
Description
Use the sftp client ipv6 source command to specify the source IPv6 address or source interface for the SFTP client.
Use the undo sftp client ipv6 source command to cancel the source IPv6 address or source interface specified.
By default, the client accesses the SFTP server through the interface specified by the route of the device.
Example
# Specify the source IPv6 address of the SFTP client as 2:2::2:2.
<Sysname> system-view
[Sysname] sftp client ipv6 source ipv6 2:2::2:2
1.1.18 sftp client source
Syntax
sftp client source { ip ip-address | interface interface-type interface-number }
undo sftp client source
View
System view
Parameter
ip ip-address: Specifies an IPv4 address.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the sftp client source command to specify the source IPv4 address or interface of an SFTP client.
Use the undo sftp client source command to remove the configuration.
By default, a client uses the IP address or interface specified by the route to access the SFTP server.
Related command: display sftp client source.
Example
# Specify the source IP address of the SFTP client as 192.168.0.1.
<Sysname> system-view
[Sysname] sftp client source ip 192.168.0.1
1.1.19 sftp ipv6
Syntax
sftp ipv6 { ipv6-address | host-name } [ port-number ] [ prefer_ctos_cipher { aes128 | des } | prefer_ctos_hmac { md5 | md5_96 | sha1 | sha1_96 } | prefer_kex { dh_exchange_group | dh_group1 } | prefer_stoc_cipher { aes128 | des } | prefer_stoc_hmac { md5 | md5_96 | sha1 | sha1_96 } ] *
View
System view
Parameter
ipv6-address: IPv6 address of the server.
host-name: Name of the server, a string of 1 to 46 characters.
port-number: Port number of the server, in the range 0 to 65535. The default is 22.
prefer_ctos_cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
- aes128: Encryption algorithm aes128_cbc.
- des: Encryption algorithm des_cbc.
prefer_ctos_hmac: Preferred HMAC algorithm from client to server, defaulted to sha1.
- md5: HMAC algorithm hmac-md5.
- md5_96: HMAC algorithm hmac-md5-96.
- sha1: HMAC algorithm hmac-sha1.
- sha1_96: HMAC algorithm hmac-sha1-96.
prefer_kex: Preferred key exchange algorithm, defaulted to dh_group1.
- dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
- dh_group1: Key exchange algorithm diffie-hellman-group1-sha1.
prefer_stoc_cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
prefer_stoc_hmac: Preferred HMAC algorithm from server to client, defaulted to sha1.
Description
Use the sftp ipv6 command to initiate a connection to the remote IPv6 SFTP server and enter SFTP client view.
Example
# Initiate a connection to the SFTP server whose IPv6 address is 2:5::8:9, with all the encryption algorithms defaulted.
<Sysname> system-view
[Sysname] sftp ipv6 2:5::8:9
Input Username:
1.1.20 sftp server enable
Syntax
sftp server enable
undo sftp server enable
View
System view
Parameter
None
Description
Use the sftp server enable command to enable SFTP server.
Use the undo sftp server enable command to disable SFTP server.
By default, SFTP server is disabled.
Related command: display ssh server.
Example
# Enable SFTP server.
<Sysname> system-view
[Sysname] sftp server enable
1.1.21 sftp server idle-timeout
Syntax
sftp server idle-timeout time-out-value
undo sftp server idle-timeout
View
System view
Parameter
time-out-value: Timeout period in minutes. It ranges from 1 to 35,791, and defaults to 10.
Description
Use the sftp server idle-timeout command to set the idle timeout period for SFTP user connections.
Use the undo sftp server idle-timeout command to restore the default.
Related command: display ssh server.
Example
# Set the idle timeout period for SFTP user connections to 500 minutes.
<Sysname> system-view
[Sysname] sftp server idle-timeout 500
1.1.22 ssh client authentication server
Syntax
ssh client authentication server { server-ip | server-name } assign rsa-key keyname
undo ssh client authentication server { server-ip | server-name } assign rsa-key
View
System view
Parameter
server-ip: IP address of the server.
server-name: Name of the server, a string of 1 to 80 characters.
keyname: Name of the host public key of the server, a string of 1 to 64 characters.
Description
Use the ssh client authentication server command to configure the host public key of the server so that the client can determine whether the server is reliable.
Use the undo ssh client authentication server command to remove the configuration.
By default, the host public key of the server is not configured, and when logging into the server, the client uses the IP address or host name used for login as the public key name.
Example
# Configure the public key of the server with the IP address of 192.168.0.1 to be abc.
<Sysname> system-view
[Sysname] ssh client authentication server 192.168.0.1 assign rsa-key abc
1.1.23 ssh client first-time enable
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameter
None
Description
Use the ssh client first-time enable command to enable the first-time authentication function.
Use the undo ssh client first-time command to disable the function.
By default, the function is enabled.
When an SSH client accesses, for the first time, a server whose public host key it does not know, the first-time authentication function lets it access the server and obtain and save the server's public host key. When the client accesses the server later, it can use the locally saved public host key to authenticate the server.
With the first-time authentication function disabled, an SSH client cannot access any server whose public host key it does not know. In this case, you must first configure, on the client, the public host key of the server to be accessed.
Example
# Enable the first-time authentication function.
<Sysname> system-view
[Sysname] ssh client first-time enable
1.1.24 ssh client ipv6 source
Syntax
ssh client ipv6 source { ipv6 ipv6-address | interface interface-type interface-number }
undo ssh client ipv6 source
View
System view
Parameter
ipv6-address: Source IPv6 address to be specified.
interface-type interface-number: Type and number of the source interface to be specified.
Description
Use the ssh client ipv6 source command to specify the source IPv6 address or source interface for the SSH client.
Use the undo ssh client ipv6 source command to cancel the source IPv6 address or source interface specified.
By default, the client accesses the SSH server through the interface specified by the route of the device.
Example
# Specify the source IPv6 address of the SSH client as 2:2::2:2.
<Sysname> system-view
[Sysname] ssh client ipv6 source ipv6 2:2::2:2
1.1.25 ssh client source
Syntax
ssh client source { ip ip-address | interface interface-type interface-number }
undo ssh client source
View
System view
Parameter
ip ip-address: Specifies an IPv4 address.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the ssh client source command to specify the source IP address or source interface of the SSH client.
Use the undo ssh client source command to remove the configuration.
By default, an SSH client uses the IP address or interface specified by the route to access the SSH server.
Related command: display ssh client source.
Example
# Specify the source IPv4 address of the SSH client as 192.168.0.1.
<Sysname> system-view
[Sysname] ssh client source ip 192.168.0.1
1.1.26 ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Maximum number of authentication attempts, in the range 1 to 5. The default is 3.
Description
Use the ssh server authentication-retries command to set the maximum number of SSH connection authentication attempts, which is validated at next login.
Use the undo ssh server authentication-retries command to restore the default.
Related command: display ssh server.
Example
# Set the maximum number of SSH connection authentication attempts to four.
<Sysname> system-view
[Sysname] ssh server authentication-retries 4
1.1.27 ssh server authentication-timeout
Syntax
ssh server authentication-timeout time-out-value
undo ssh server authentication-timeout
View
System view
Parameter
time-out-value: Authentication timeout period in seconds. It ranges from 1 to 120 and defaults to 60.
Description
Use the ssh server authentication-timeout command to set the SSH user authentication timeout period on the SSH server.
Use the undo ssh server authentication-timeout command to restore the default.
Related command: display ssh server.
Example
# Set the SSH user authentication timeout period to 10 seconds.
<Sysname> system-view
[Sysname] ssh server authentication-timeout 10
1.1.28 ssh server compatible-ssh1x enable
Syntax
ssh server compatible-ssh1x enable
undo ssh server compatible-ssh1x
View
System view
Parameter
None
Description
Use the ssh server compatible-ssh1x enable command to enable the SSH server to work with SSH1.x clients.
Use the undo ssh server compatible-ssh1x command to disable the SSH server from working with SSH1.x clients.
By default, the SSH server can work with SSH1.x clients.
This configuration takes effect when the user logs in next time.
Related command: display ssh server.
Example
# Enable the SSH server to work with SSH1.x clients.
<Sysname> system-view
[Sysname] ssh server compatible-ssh1x enable
1.1.29 ssh server enable
Syntax
ssh server enable
undo ssh server enable
View
System view
Parameter
None
Description
Use the ssh server enable command to enable SSH server.
Use the undo ssh server enable command to disable SSH server.
By default, SSH server is disabled.
Example
# Enable SSH server.
<Sysname> system-view
[Sysname] ssh server enable
1.1.30 ssh server rekey-interval
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Update interval in hours, in the range 1 to 24.
Description
Use the ssh server rekey-interval command to set the interval for updating the server key pair.
Use the undo ssh server rekey-interval command to remove the configuration.
By default, the value of the hours argument is 0, that is, the server key pair is not updated.
Related command: display ssh server.
Example
# Set the server key pair update interval to three hours.
<Sysname> system-view
[Sysname] ssh server rekey-interval 3
1.1.31 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
undo ssh user username
View
System view
Parameter
username: SSH username, a string of 1 to 80 characters.
keyname: Name of an existing client public key, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to assign an existing public key to a user. If the user does not exist, the command creates the user with the authentication method of RSA and the default service type of stelnet at first.
Use the undo ssh user assign rsa-key command to remove the association.
Use the undo ssh user username command to delete a user.
Note that:
- If you configure the ssh user assign rsa-key command for a user with a public key, the new public key overwrites the old one.
- The new public key takes effect when the user logs in next time.
Related command: display ssh user-information.
Example
# Assign key1 to user aaa.
<Sysname> system-view
[Sysname] ssh user aaa assign rsa-key key1
1.1.32 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
undo ssh user username
View
System view
Parameter
username: SSH username, a string of 1 to 80 characters.
password: Performs password authentication of the client.
rsa: Performs RSA authentication of the client.
password-publickey: Performs both password authentication and RSA authentication of the client.
all: Performs either password authentication or RSA authentication. The client tries RSA authentication first.
Note:
When you configure the authentication method of password-publickey:
- A client running SSH1 needs to pass only one of the two types of authentication.
- A client running SSH2 must pass both types of authentication to log in.
Description
Use the ssh user authentication-type command to specify the authentication method for an SSH user. If the specified user does not exist, the command creates the user with the default service type of stelnet at first.
Use the undo ssh user authentication-type command to restore the default.
Use the undo ssh user username command to delete a user.
By default, the authentication method for an SSH user is RSA.
Note that:
- When configured on the server, this command specifies the authentication method that the client can select. The authentication method that a client actually uses at login depends on the client itself.
- The configuration takes effect when the user logs in next time.
- For a user using RSA authentication, you must configure the username and public keys on the device. For a user using password authentication, you can configure the accounting information on the device or remote authentication server.
Related command: display ssh user-information.
Example
# Specify the authentication method of password for user aaa.
<Sysname> system-view
[Sysname] ssh user aaa authentication-type password
1.1.33 ssh user service-type
Syntax
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
undo ssh user username
View
System view
Parameter
username: SSH username, a string of 1 to 80 characters.
stelnet: Specifies the service type of the user as secure Telnet.
sftp: Specifies the service type of the user as SFTP.
all: Specifies that the user can use both service types.
Description
Use the ssh user service-type command to specify the service types of an SSH user. If the specified user does not exist, the command first creates the user with the default authentication type of RSA.
Use the undo ssh user service-type command to restore the default.
Use the undo ssh user username command to delete a user.
By default, the service type of a user is stelnet.
Related command: display ssh user-information.
Example
# Specify the service type of SFTP for user aaa.
<Sysname> system-view
[Sysname] ssh user aaa service-type sftp
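The per-user settings set by ssh user assign rsa-key, ssh user authentication-type and ssh user service-type can be reviewed offline. The following Python sketch is an added example, not H3C code: it rebuilds each user's effective settings with the defaults stated above and reports users who can log in with a password alone, password-publickey users on a server that also accepts SSH1 clients, and RSA users with no key assigned. It assumes configuration lines appear in the same form as the commands are entered; the function names and the ssh1_compat flag (whether ssh server compatible-ssh1x enable is in effect) are hypothetical.

```python
import re

# Defaults stated in the Description text above.
DEFAULT_AUTH, DEFAULT_SERVICE = "rsa", "stelnet"

LINE_RE = re.compile(
    r"^\s*ssh user (?P<user>\S+) (?:"
    r"authentication-type (?P<auth>password|rsa|password-publickey|all)"
    r"|service-type (?P<svc>stelnet|sftp|all)"
    r"|assign rsa-key (?P<key>\S+))\s*$"
)

def effective_ssh_users(config_text):
    """Map each SSH user to its effective auth type, service type and key."""
    users = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        user = users.setdefault(
            m["user"], {"auth": DEFAULT_AUTH, "service": DEFAULT_SERVICE, "key": None})
        if m["auth"]:
            user["auth"] = m["auth"]
        elif m["svc"]:
            user["service"] = m["svc"]
        else:
            user["key"] = m["key"]  # a new key overwrites the old one
    return users

def audit(config_text, ssh1_compat):
    """Return (username, finding) pairs; ssh1_compat is supplied by the caller."""
    findings = []
    for name, user in sorted(effective_ssh_users(config_text).items()):
        if user["auth"] in ("password", "all"):
            findings.append((name, "a password alone is enough to log in"))
        if user["auth"] == "password-publickey" and ssh1_compat:
            findings.append((name, "an SSH1 client passes with one method only"))
        if user["auth"] in ("rsa", "password-publickey") and user["key"] is None:
            findings.append((name, "RSA required but no public key assigned"))
    return findings

# Constructed sample, written in the same form as the commands on this page.
SAMPLE = """\
ssh user aaa assign rsa-key key1
ssh user aaa authentication-type password-publickey
ssh user bbb authentication-type all
ssh user ccc service-type sftp
ssh user ddd authentication-type password
"""
```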
1.1.34 ssh2
Syntax
ssh2 { host-ip | host-name } [ port-number ] [ prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { des | aes128 } | prefer_stoc_cipher { des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]*
View
System view
Parameter
host-ip: IPv4 address of the server.
host-name: Name of the server, a string of 1 to 20 characters.
port-number: Port number of the server, in the range 0 to 65535. The default is 22.
prefer_ctos_cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
- aes128: Encryption algorithm aes128_cbc.
- des: Encryption algorithm des_cbc.
prefer_ctos_hmac: Preferred HMAC algorithm from client to server, defaulted to sha1.
- md5: HMAC algorithm hmac-md5.
- md5_96: HMAC algorithm hmac-md5-96.
- sha1: HMAC algorithm hmac-sha1.
- sha1_96: HMAC algorithm hmac-sha1-96.
prefer_kex: Preferred key exchange algorithm, defaulted to dh_group1.
- dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
- dh_group1: Key exchange algorithm diffie-hellman-group1-sha1.
prefer_stoc_cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
prefer_stoc_hmac: Preferred HMAC algorithm from server to client, defaulted to sha1.
Description
Use the ssh2 command to initiate a connection to an SSH server, and specify the preferred key exchange algorithm, encryption algorithms, and HMAC algorithms of the client and the server.
Example
# Log into remote SSH2 server 10.214.50.51, setting the algorithms as follows:
- Preferred key exchange algorithm: DH_exchange_group
- Preferred encryption algorithm from the server to the client: AES128
- Preferred HMAC algorithm from the client to the server: MD5
- Preferred HMAC algorithm from the server to the client: SHA1-96
<Sysname> system-view
[Sysname] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
1.1.35 ssh2 ipv6
Syntax
ssh2 ipv6 { ipv6-address | host-name } [ port-number ] [ prefer_ctos_cipher { aes128 | des } | prefer_ctos_hmac { md5 | md5_96 | sha1 | sha1_96 } | prefer_kex { dh_exchange_group | dh_group1 } | prefer_stoc_cipher { aes128 | des } | prefer_stoc_hmac { md5 | md5_96 | sha1 | sha1_96 } ] *
View
System view
Parameter
ipv6-address: IPv6 address of the server.
host-name: Name of the server, a string of 1 to 46 characters.
port-number: Port number of the server, in the range 0 to 65535. The default is 22.
prefer_ctos_cipher: Preferred encryption algorithm from client to server, defaulted to aes128.
- aes128: Encryption algorithm aes128_cbc.
- des: Encryption algorithm des_cbc.
prefer_ctos_hmac: Preferred HMAC algorithm from client to server, defaulted to sha1.
- md5: HMAC algorithm hmac-md5.
- md5_96: HMAC algorithm hmac-md5-96.
- sha1: HMAC algorithm hmac-sha1.
- sha1_96: HMAC algorithm hmac-sha1-96.
prefer_kex: Preferred key exchange algorithm, defaulted to dh_group1.
- dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
- dh_group1: Key exchange algorithm diffie-hellman-group1-sha1.
prefer_stoc_cipher: Preferred encryption algorithm from server to client, defaulted to aes128.
prefer_stoc_hmac: Preferred HMAC algorithm from server to client, defaulted to sha1.
Description
Use the ssh2 ipv6 command to initiate a connection between an SSH client and the IPv6 server, and specify the preferred key exchange algorithm, encryption algorithm, and HMAC algorithm of the client and the server.
Example
# Log into the remote SSH2 server whose address is 2000::1, configuring the encryption algorithms as follows:
- Specify dh_exchange_group as the preferred key exchange algorithm.
- Specify aes128 as the preferred encryption algorithm for the connection from the server to the client.
- Specify md5 as the preferred HMAC algorithm for the connection from the client to the server.
- Specify sha1_96 as the preferred HMAC algorithm for the connection from the server to the client.
<Sysname> system-view
[Sysname] ssh2 ipv6 2000::1 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
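Because every preference that is left out of an ssh2 or ssh2 ipv6 command falls back to its default, the effective algorithm set is not visible from the command line alone. The following Python sketch is an added example, not H3C code: it parses a command in the syntax above, fills in the defaults listed in the Parameter text, and names the preferences that resolve to an older algorithm. The function names and the LEGACY classification are this example's own assumptions, not part of the manual.

```python
# Keyword -> algorithm name, and defaults, as listed in the Parameter text above.
KEX = {"dh_group1": "diffie-hellman-group1-sha1",
       "dh_exchange_group": "diffie-hellman-group-exchange-sha1"}
CIPHER = {"aes128": "aes128_cbc", "des": "des_cbc"}
HMAC = {"sha1": "hmac-sha1", "sha1_96": "hmac-sha1-96",
        "md5": "hmac-md5", "md5_96": "hmac-md5-96"}
OPTIONS = {  # option keyword: (value table, default keyword)
    "prefer_kex": (KEX, "dh_group1"),
    "prefer_ctos_cipher": (CIPHER, "aes128"),
    "prefer_stoc_cipher": (CIPHER, "aes128"),
    "prefer_ctos_hmac": (HMAC, "sha1"),
    "prefer_stoc_hmac": (HMAC, "sha1"),
}
# This example's own assessment, not the manual's: single DES, MD5-based
# HMACs and the fixed 1024-bit group1 exchange are treated as legacy.
LEGACY = {"des_cbc", "hmac-md5", "hmac-md5-96", "diffie-hellman-group1-sha1"}

def resolve_ssh2(command):
    """Return host, port and the effective algorithm for every preference."""
    tokens = command.split()
    if tokens[:1] != ["ssh2"]:
        raise ValueError("not an ssh2 command")
    tokens = tokens[2:] if tokens[1:2] == ["ipv6"] else tokens[1:]
    if not tokens:
        raise ValueError("missing server address")
    resolved = {"host": tokens[0], "port": 22}
    rest = tokens[1:]
    if rest and rest[0].isdigit():
        resolved["port"] = int(rest.pop(0))
    if len(rest) % 2:
        raise ValueError("option without a value")
    chosen = {}
    for opt, val in zip(rest[::2], rest[1::2]):
        if opt not in OPTIONS or val not in OPTIONS[opt][0]:
            raise ValueError(f"unknown option or value: {opt} {val}")
        chosen[opt] = val
    for opt, (table, default) in OPTIONS.items():
        resolved[opt] = table[chosen.get(opt, default)]
    return resolved

def legacy_choices(resolved):
    """Names of the preferences that resolve to an algorithm in LEGACY."""
    return sorted(opt for opt in OPTIONS if resolved[opt] in LEGACY)

# V4 is the IPv4 example command from the manual; BARE is constructed (no options).
V4 = ("ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 "
      "prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96")
BARE = "ssh2 ipv6 2000::1"
```

For the manual's own example only the client-to-server HMAC is reported, while a command with no options is reported for its default key exchange.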
1.2 SFTP Configuration Commands
1.2.1 bye
Syntax
bye
View
SFTP client view
Parameter
None
Description
Use the bye command to terminate the connection with a remote SFTP server and return to system view.
This command functions as the exit or quit command does.
Example
# Terminate the connection with a remote SFTP server.
sftp-client> bye
Bye
[Sysname]
1.2.2 cd
Syntax
cd [ remote-path ]
View
SFTP client view
Parameter
remote-path: Path name on a server.
Description
Use the cd command to change the working path on a remote SFTP server. If no remote-path is specified, the current working path is displayed.
Note:
- You can use the cd .. command to return to the upper-level directory.
- You can use the cd / command to return to the root directory of the system.
Example
# Change the working path to new1.
sftp-client> cd new1
Current Directory is:
/new1
1.2.3 cdup
Syntax
cdup
View
SFTP client view
Parameter
None
Description
Use the cdup command to change the working path and return to the upper-level directory.
Example
# Change the working path to the upper-level directory.
sftp-client> cdup
Current Directory is:
/
1.2.4 delete
Syntax
delete remote-file&<1-10>
View
SFTP client view
Parameter
remote-file&<1-10>: Name of a file on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by spaces.
Description
Use the delete command to delete a specified file from a server.
This command functions as the remove command does.
Example
# Delete the temp.c file from a server.
sftp-client> delete temp.c
The following files will be deleted:
/ temp.c
Are you sure to delete it? [Y/N]:y
This operation may take a long time.Please wait...
File successfully Removed
1.2.5 dir
Syntax
dir [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameter
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folders of the specified directory.
remote-path: Name of the directory to be queried.
Description
Use the dir command to display file and folder information under a specified directory.
If neither the -a nor the -l keyword is specified, the command displays detailed information of the files and folders under the specified directory in list form.
If remote-path is not specified, the command displays the file and folder information of the current working directory.
This command functions as the ls command.
Example
# Display in a list form detailed file and folder information under the current working directory.
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.2.6 exit
Syntax
exit
View
SFTP client view
Parameter
None
Description
Use the exit command to terminate the connection with a remote SFTP server and return to system view.
This command functions as the bye or quit command.
Example
# Terminate the connection with a remote SFTP server.
sftp-client> exit
Bye
[Sysname]
1.2.7 get
Syntax
get remote-file [ local-file ]
View
SFTP client view
Parameter
remote-file: Name of a file on a remote SFTP server.
local-file: Name of a local file.
Description
Use the get command to download a file from a remote SFTP server and save it locally.
If you do not specify the local-file argument, the file will be saved locally with the same name as that on the remote SFTP server.
Example
# Download the temp1.c file and save it as temp.c locally.
sftp-client> get temp1.c temp.c
Remote file:/temp1.c ---> Local file: temp.c
Downloading file successfully ended
1.2.8 help
Syntax
help [ all | command-name ]
View
SFTP client view
Parameter
all: Displays all commands.
command-name: Name of a command.
Description
Use the help command to display the help information of SFTP client commands.
If a command-name is not specified, the system will display all commands.
Example
# View the help information of the get command.
sftp-client>help get
get remote-path [local-path] Download file.Default local-path is the same
with remote-path
1.2.9 ls
Syntax
ls [ -a | -l ] [ remote-path ]
View
SFTP client view
Parameter
-a: Displays the filenames or the folder names of the specified directory.
-l: Displays in list form detailed information of the files and folders of the specified directory.
remote-path: Name of the directory to be queried.
Description
Use the ls command to display file and folder information under a specified directory.
If neither the -a nor the -l keyword is specified, the command displays detailed information of the files and folders under the specified directory in list form.
If remote-path is not specified, the command displays the file and folder information of the current working directory.
This command functions as the dir command.
Example
# Display in a list form detailed file and folder information under the current working directory.
sftp-client> ls
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.2.10 mkdir
Syntax
mkdir remote-path
View
SFTP client view
Parameter
remote-path: Name of a directory on a remote SFTP server.
Description
Use the mkdir command to create a directory on a remote SFTP server.
Example
# Create a directory named test on a remote SFTP server.
sftp-client> mkdir test
New directory created
1.2.11 put
Syntax
put local-file [ remote-file ]
View
SFTP client view
Parameter
local-file: Name of a local file.
remote-file: Name of a file on a remote SFTP server.
Description
Use the put command to upload a local file to a remote SFTP server.
If you do not specify the remote-file argument, the file will be saved remotely with the same name as the local one.
Example
# Upload a local temp.c file to a remote SFTP server and save it as temp1.c.
sftp-client> put temp.c temp1.c
Local file:temp.c ---> Remote file: /temp1.c
Uploading file successfully ended
1.2.12 pwd
Syntax
pwd
View
SFTP client view
Parameter
None
Description
Use the pwd command to display the working directory on a remote SFTP server.
Example
# Display the working directory on a remote SFTP server.
sftp-client> pwd
/
1.2.13 quit
Syntax
quit
View
SFTP client view
Parameter
None
Description
Use the quit command to terminate the connection with a remote SFTP server and return to system view.
This command functions as the bye or exit command does.
Example
# Terminate the connection with a remote SFTP server.
sftp-client> quit
Bye
[Sysname]
1.2.14 remove
Syntax
remove remote-file&<1-10>
View
SFTP client view
Parameter
remote-file&<1-10>: Name of a file on an SFTP server. &<1-10> means that you can provide up to 10 filenames, which are separated by spaces.
Description
Use the remove command to delete a specified file from a remote server.
This command functions as the delete command.
Example
# Delete the temp.c file from a server.
sftp-client> remove temp.c
The following files will be deleted:
/temp.c
Are you sure to delete it?[Y/N]:y
This operation may take a long time.Please wait...
File successfully Removed
1.2.15 rename
Syntax
rename oldname newname
View
SFTP client view
Parameter
oldname: Original file name or directory name.
newname: New file name or directory name.
Description
Use the rename command to change a specified file name or directory name on an SFTP server.
Example
# Change the name of a file on an SFTP server from temp1.c to temp2.c.
sftp-client> rename temp1.c temp2.c
File successfully renamed
1.2.16 rmdir
Syntax
rmdir remote-path&<1-10>
View
SFTP client view
Parameter
remote-path&<1-10>: Name of the directory on the remote SFTP server. &<1-10> means that you can provide up to 10 directory names, which are separated by spaces.
Description
Use the rmdir command to delete a specified directory from an SFTP server.
Example
# Delete the temp1 directory from an SFTP server.
sftp-client> rmdir temp1
Directory successfully removed