Table of Contents
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.2 display rsa local-key-pair public
1.1.3 display rsa peer-public-key
1.1.5 display ssh user-information
1.1.10 rsa local-key-pair create
1.1.11 rsa local-key-pair destroy
1.1.13 ssh server authentication-retries
1.1.14 ssh server compatible_ssh1x enable
1.1.15 ssh server rekey-interval
1.1.17 ssh user assign rsa-key
1.1.18 ssh user authentication-type
1.1.19 ssh authentication-type default
1.2 SSH Client Configuration Commands
1.2.3 ssh client assign rsa-key
1.2.4 ssh client first-time enable
1.3 SFTP Server Configuration Commands
1.3.2 ssh service-type default
1.4 SFTP Client Configuration Commands
Chapter 1 SSH Terminal Service Configuration Commands
1.1 SSH Server Configuration Commands
1.1.1 debugging ssh server
Syntax
debugging ssh server { vty index | all }
undo debugging ssh server { vty index | all }
View
User view
Parameters
index: Number of the VTY user interface whose SSH channel is to be debugged. By default, VTY numbers range from 0 to 4.
all: Specifies all the SSH channels.
Description
Use the debugging ssh server command to send the information defined by the SSH 2.0 protocol, such as the negotiation procedure, to the information center as debugging information. You can also use it to debug a single user interface.
Use the undo debugging ssh server command to disable the debugging.
By default, the debugging is disabled.
Logs related to the SSH server are recorded into the log file or log buffer only if debugging is enabled.
The output records the version banner the server sends, the negotiated key exchange, cipher and MAC algorithms, and the username in each authentication request, so it is useful for checking what a client actually negotiated. In the example below the server advertises SSH-1.99, meaning it accepts both SSH 1.x and SSH 2.0 clients (see ssh server compatible_ssh1x enable), and the client negotiated des-cbc, that is, single DES. Because the output is verbose and reveals usernames, enable it only while troubleshooting and disable it with undo debugging ssh server afterwards.
Related commands: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.
Examples
# Print the debugging information when the SSH is running.
<H3C> debugging ssh server vty 0
*0.1426091 9505A SSH/8/debugging_msg_send:SSH_VERSION_SEND message sent on VTY 0
*0.1426188 9505A SSH/8/SSH2 debug:debug info:The server's ssh version sent SSH-1
SSH-1.99-CMW-3.3
*0.1426299 9505A SSH/8/msg_rcv_vty:SSH_VERSION_RECEIVE message received on VTY 0
*0.1426995 9505A SSH/8/SSH2 debug:debug info:Now the server version is ssh2
*0.1427088 9505A SSH/8/SSH2 debug:debug info: The algorithm negotiation begins
*0.1427190 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_KEXINIT sent
*0.1427269 9505A SSH/8/SSH2 debug:debug info: SSH2_MSG_KEXINIT received
*0.1427360 9505A SSH/8/SSH2 debug:debug info:kex: client->server des-cbc hmac-sha1
*0.1427461 9505A SSH/8/SSH2 debug:debug info:kex: server->client des-cbc hmac-sha1
*0.1427562 9505A SSH/8/SSH2 debug:debug info:The key exchange algorithm is diffie-hellman-group1-sha1
*0.1427695 9505A SSH/8/SSH2 debug:debug info: The algorithm choose is done
*0.1427784 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_KEXDH_INIT received
*0.1427875 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_KEXDH_REPLY sent
*0.1427966 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_NEWKEYS sent
*0.1428047 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_NEWKEYS received
*0.1428138 9505A SSH/8/SSH2 debug:debug info:The key exchange is done
*0.1428229 9505A SSH/8/SSH2 debug:debug info:User authentication begins
*0.1428320 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_SERVICE_REQUEST received
*0.1428421 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_SERVICE_ACCEPT sent
*0.1428513 9505A SSH/8/SSH2 debug:debug info:SSH2_MSG_USERAUTH_REQUEST received with user:admin,service:ssh-connection,method:none
1.1.2 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameters
None
Description
Use the display rsa local-key-pair public command to display the public key of the server’s host key pair and server key pair.
Related commands: rsa local-key-pair create.
Examples
# Display the public key of the server’s host key pair and server key pair.
<H3C> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807 08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934 EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487 4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED 160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B 519D39F5 02030100 01
1.1.3 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameters
brief: Displays the brief information about all client public keys.
keyname: Public key name of the client to be displayed. The key name is a consecutive string whose length ranges from 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the client public keys configured on the server. With brief, a summary (address, modulus length in bits, name) of all keys is shown; with name keyname, the full key data of that key is shown; with neither, all keys are displayed in full.
Related commands: rsa local-key-pair create.
Examples
# Display brief information about all client public keys configured on the server.
<H3C> display rsa peer-public-key brief
Address          Bits   Name
                 1023   abcd
                 1024   hq
                 1024   wn1
                 1024   hq_all
# Display the client public key named 127.0.0.1.
<H3C> display rsa peer-public-key name 127.0.0.1
=====================================
Key name: 127.0.0.1
Key address:
=====================================
Key Code:
308188
028180
CFC6A68B 39F742A2 76E55B07 39D60B73 D7B4040D 515B2516 17CE9380 53829FF5
C0489BD9 559CC425 CAF37E6F E6417337 693DF5CD 02F12469 420BBD5C 38741295
D74B2336 A5F28FE8 00E0429F FCF47A7F AEF0A1B9 740FC2BE 99F26F35 39C8867D
FAE8C2A1 EAC4CB42 A64982C9 4BA1DD63 49619762 E46F17DF ED1C1ACC DFAB8CB5
0203
010001
1.1.4 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameters
status: Displays the SSH status information.
session: Displays the SSH session information.
Description
Use the display ssh server command to display the status information or session information of an SSH server.
Related commands: ssh server authentication-retries, ssh server rekey-interval, ssh server timeout.
Examples
# Display the status information of the SSH server.
<H3C> display ssh server status
SSH - version 1.5
SSH connection timeout: 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries: 3 times
SFTP Server: Disable
# Display the session information of the SSH server.
<H3C> display ssh server session
Connection Version Encryption State Username
VTY0 1.99 DES Session started H3C
VTY3 2.0 DES Session started router
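A check over the two kinds of output above, the debugging ssh server trace from 1.1.1 and the display ssh server session table. This is an added Python example, not H3C code; the sample text embedded in it is copied from the examples in this reference rather than captured from a device. The set of algorithms it treats as weak (single DES, diffie-hellman-group1-sha1) is the example's own choice, and an SSH-1.99 banner is flagged because it means SSH 1.x clients are accepted.

```python
"""Scan `debugging ssh server` and `display ssh server session` output for
SSH 1.x fallback and weak negotiated algorithms.
Added example, not H3C code; sample text copied from the command reference."""
import re

# Treated as weak by this example (its own assumption, not a switch setting):
# single DES (56-bit key) and diffie-hellman-group1-sha1 (1024-bit MODP group).
WEAK_CIPHERS = {"des", "des-cbc"}
WEAK_KEX = {"diffie-hellman-group1-sha1"}

BANNER = re.compile(r"\bSSH-(\d+\.\d+)-")          # e.g. SSH-1.99-CMW-3.3
KEX_PAIR = re.compile(r"kex:\s*(client->server|server->client)\s+(\S+)\s+(\S+)")
KEX_ALG = re.compile(r"The key exchange algorithm is\s+(\S+)")
SESSION = re.compile(r"^(VTY\d+)\s+(\S+)\s+(\S+)\s+(.+?)\s+(\S+)$")

# Lines copied from the debugging ssh server example in 1.1.1.
SSH_DEBUG = """\
*0.1426188 9505A SSH/8/SSH2 debug:debug info:The server's ssh version sent SSH-1
SSH-1.99-CMW-3.3
*0.1427360 9505A SSH/8/SSH2 debug:debug info:kex: client->server des-cbc hmac-sha1
*0.1427461 9505A SSH/8/SSH2 debug:debug info:kex: server->client des-cbc hmac-sha1
*0.1427562 9505A SSH/8/SSH2 debug:debug info:The key exchange algorithm is diffie-hellman-group1-sha1
"""

# Table copied from the display ssh server session example above.
SSH_SESSIONS = """\
Connection Version Encryption State Username
VTY0 1.99 DES Session started H3C
VTY3 2.0 DES Session started router
"""


def check_debug_output(text):
    """Return one finding string per weak or legacy item in a debug trace."""
    findings = []
    for line in text.splitlines():
        m = BANNER.search(line)
        if m and not m.group(1).startswith("2."):
            findings.append(f"server banner SSH-{m.group(1)}: SSH 1.x clients are accepted")
        m = KEX_PAIR.search(line)
        if m:
            direction, cipher, mac = m.groups()
            if cipher.lower() in WEAK_CIPHERS:
                findings.append(f"{direction}: weak cipher {cipher} (mac {mac})")
        m = KEX_ALG.search(line)
        if m and m.group(1) in WEAK_KEX:
            findings.append(f"weak key exchange {m.group(1)}")
    return findings


def parse_sessions(text):
    """Parse the session table into dicts, each with an 'issues' list."""
    sessions = []
    for line in text.splitlines():
        m = SESSION.match(line.strip())
        if not m:          # header line or blank
            continue
        conn, version, cipher, state, user = m.groups()
        issues = []
        if version != "2.0":
            issues.append(f"protocol version {version} (not SSH 2.0)")
        if cipher.lower() in WEAK_CIPHERS:
            issues.append(f"weak cipher {cipher}")
        sessions.append({"connection": conn, "version": version, "cipher": cipher,
                         "state": state, "user": user, "issues": issues})
    return sessions


if __name__ == "__main__":
    for finding in check_debug_output(SSH_DEBUG):
        print("debug:", finding)
    for s in parse_sessions(SSH_SESSIONS):
        print(f"{s['connection']} {s['user']}: {'; '.join(s['issues']) or 'ok'}")
```

Run against the copied output, the trace yields four findings (the 1.99 banner, des-cbc in both directions, and group1 key exchange) and both sessions are flagged for DES; VTY0 is additionally flagged for its non-2.0 version.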
1.1.5 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameters
username: Valid SSH user name, a string of 1 to 32 characters.
Description
Use the display ssh user-information command to display the information of the current SSH user, such as username, name of the corresponding peer public key, authentication mode, and authorized service type. If you specify a username for the username argument in the command, the system displays the information of the specified user.
Related commands: ssh user assign rsa-key, ssh user authentication-type, ssh user service-type, display local-user, display rsa peer-public-key.
Examples
# Display the information of the current SSH user.
<H3C> display ssh user-information
Username Authentication-type Public-key-name Service-type Directory
sftp password null stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
aaaaaaaaaaaaaa.. password-publickey 12345678901234.. stelnet null
Total 92 ssh user(s) Matched, 8 listed.
Up to 15 characters of a username or public key name and up to 9 characters of a directory are displayed. Longer values are truncated and marked with an ellipsis ("..."), as shown in the following example:
# Display the information of the current SSH user.
<H3C> display ssh user-information
Username Authentication-type User-public-key-name Service-type Directory
admin password aaaaaaaaaabbbbbbb... sftp flash:
aaaaaaaaaabbbbbb... all aaaaaaaaaabbbbbbb... stelnet null
fxdfxdfxdfxdfxdf... null null stelnet|sftp null
Use the display local-user and display rsa peer-public-key commands to view the full username, public key name, and directory when they are truncated here.
1.1.6 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameters
None
Description
Use the peer-public-key end command to exit the public key view and return to the system view.
Related commands: rsa peer-public-key, public-key-code begin.
Examples
# Exit the public key view and save the configuration.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
RSA public key view: return to System View with "peer-public-key end".
[H3C-rsa-public-key] peer-public-key end
[H3C]
1.1.7 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameters
all: Supports all protocols, including Telnet and SSH.
ssh: Supports the SSH protocol only, and does not support the Telnet protocol.
telnet: Supports the Telnet protocol only, and does not support the SSH protocol.
Description
Use the protocol inbound command to specify the protocol supported by the current user interface.
By default, all protocols are supported.
This configuration takes effect at the next login. Note that after restricting the interface to SSH with this command, SSH login still fails until the server's RSA key pair has been generated (rsa local-key-pair create) and, for users authenticated by RSA, the client public key has been configured on the server.
Caution:
• If the supported protocol configured in the user interface is SSH, make sure to configure the corresponding authentication mode to authentication-mode scheme (using AAA authentication mode).
• If the authentication mode is configured as authentication-mode password or authentication-mode none, the configuration of protocol inbound ssh will fail; conversely, if a user interface is configured to support the SSH protocol, you will fail to configure authentication-mode password and authentication-mode none.
Related commands: user-interface vty.
Examples
# Set VTY 0 to 4 to support the SSH protocol only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0 4
[H3C-ui-vty0-4] protocol inbound ssh
# Disable the Telnet function of VTY 0 and make it support SSH only.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] user-interface vty 0
[H3C-ui-vty0] protocol inbound ssh
1.1.8 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameters
None
Description
Use the public-key-code begin command to enter the public key edit view and input the public key of the client. Note that you must use the rsa peer-public-key command to specify a client key name before performing this command.
When inputting the public key, you may type spaces between the characters (the system deletes the spaces automatically) or press <Enter> and continue on the next line. The public key must be a hexadecimal string in the public key format produced by the SSH 2.0-enabled client software or the client switch; it is the public half of the key pair generated on the client, exported from there, not a value composed by hand.
Related commands: rsa peer-public-key, public-key-code end.
Examples
# Enter the public key edit view and input the key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[H3C-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[H3C-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[H3C-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[H3C-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[H3C-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[H3C-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[H3C-key-code] public-key-code end
[H3C-rsa-public-key]
1.1.9 public-key-code end
Syntax
public-key-code end
View
Public key edit view
Parameters
None
Description
Use the public-key-code end command to return from the public key edit view to the public key view and save the public key entered.
After this command is performed to end the public key edit procedure, the system will check the validity of the key before saving the input public key. If the public key string contains any illegal character, the system will prompt the failure of the configuration and the configured key will be discarded; otherwise, the key is valid and will be saved to the user public keys in the system.
Related commands: rsa peer-public-key, public-key-code begin.
Examples
# Exit the public key edit view and save the configured public key.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C003
[H3C-rsa-public-key] public-key-code begin
RSA key code view: return to last view with "public-key-code end".
[H3C-rsa-key-code] public-key-code end
[H3C-rsa-public-key]
1.1.10 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameters
None
Description
Use the rsa local-key-pair create command to generate the server's RSA key pairs (the host key and the server key). The keys are named switch name + host and switch name + server, for example H3C_host and H3C_server.
If RSA key pairs already exist, the command asks whether you want to replace them. The host key and the server key must differ in length by at least 128 bits, and each must be between 512 and 2048 bits long.
Generating the server's RSA key pair is the first step in enabling SSH login; without it no SSH client can connect. It needs to be performed only once, and the keys survive a reboot of the switch.
Caution:
For SSH users to log in, the key generated by the server must be longer than 768 bits. The RSA key generated by the server is 1,024 bits by default. Choose the largest modulus the device offers (2048 bits): by current standards 1024-bit RSA is considered too weak, and 512-bit RSA keys can be factored outright, so the 512-bit value accepted in the example below is unsuitable for production use.
Related commands: rsa local-key-pair destroy.
Examples
# Generate the local RSA key pair.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair create
The name for the keys will be: rtvrp_Host
% You already have RSA keys defined for rtvrp_Host
% Do you really want to replace them? [yes/no]:y
Choose the size of the key modulus in the range of 512 to 2048 for your Keys.
Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [512]:512
Generating keys...
.....++++++++++++
........................++++++++++++
..........++++++++
............................++++++++
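An audit of the key dumps shown by display rsa local-key-pair public, display rsa peer-public-key and the public-key-code begin example, applying the size rule from the caution above. This is an added Python example, not H3C code. The hex strings embedded in it are copied from the examples in this reference (rtvrp_Host and rtvrp_Server from 1.1.2, the key named 127.0.0.1 from 1.1.3, and the key typed for H3C003 in 1.1.8). The decoder assumes the dump is a DER SEQUENCE of two INTEGERs (modulus, public exponent), which the length bytes of those dumps confirm, and the 2048-bit floor is the example's own choice rather than a switch setting.

```python
"""Audit the RSA public keys that `display rsa local-key-pair public`,
`display rsa peer-public-key` and `public-key-code begin` show as hex.
Added example (not H3C code); the key dumps below are copied from the
examples in this command reference."""
import re

# Key Data from `display rsa local-key-pair public` (rtvrp_Host, rtvrp_Server).
HOST_KEY = (
    "30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807 "
    "08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934 "
    "EB872805 02030100 01"
)
SERVER_KEY = (
    "30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487 "
    "4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED "
    "160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B "
    "519D39F5 02030100 01"
)
# Key Code from `display rsa peer-public-key name 127.0.0.1`.
PEER_KEY = """
308188
028180
CFC6A68B 39F742A2 76E55B07 39D60B73 D7B4040D 515B2516 17CE9380 53829FF5
C0489BD9 559CC425 CAF37E6F E6417337 693DF5CD 02F12469 420BBD5C 38741295
D74B2336 A5F28FE8 00E0429F FCF47A7F AEF0A1B9 740FC2BE 99F26F35 39C8867D
FAE8C2A1 EAC4CB42 A64982C9 4BA1DD63 49619762 E46F17DF ED1C1ACC DFAB8CB5
0203
010001
"""
# Key typed in public-key-code view for client key H3C003 (1.1.8).
CLIENT_KEY_H3C003 = """
308186028180739A291ABDA704F5D93DC8FDF84C427463
1991C164B0DF178C55FA833591C7D47D5381D09CE82913
D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
"""


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos. Returns (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER value")
    return tag, value, pos + length


def parse_rsa_public_key(hex_text):
    """Decode a key dump into (modulus_bits, public_exponent).

    Spaces and line breaks are dropped first, as the switch does for typed
    input. The dump is DER SEQUENCE { INTEGER n, INTEGER e }. The switch omits
    the leading 0x00 that strict DER adds when the top bit of n is set, so
    both forms are read as unsigned big-endian integers.
    """
    raw = bytes.fromhex(re.sub(r"\s+", "", hex_text))
    tag, seq, end = _read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("key is not a single DER SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(seq, 0)
    tag_e, e_bytes, pos = _read_tlv(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(seq):
        raise ValueError("expected SEQUENCE of exactly two INTEGERs")
    n = int.from_bytes(n_bytes, "big")
    e = int.from_bytes(e_bytes, "big")
    return n.bit_length(), e


def audit_key(name, hex_text, minimum_bits=2048):
    """Report whether a key meets the size floor and has a usable public exponent.

    2048 is this example's default floor (the largest modulus the switch
    offers); the reference itself only requires more than 768 bits for login.
    """
    bits, e = parse_rsa_public_key(hex_text)
    reasons = []
    if bits < minimum_bits:
        reasons.append(f"modulus {bits} bits < {minimum_bits}")
    if e < 3 or e % 2 == 0:
        reasons.append(f"public exponent {e} is not an odd integer >= 3")
    return {"name": name, "bits": bits, "exponent": e,
            "acceptable": not reasons, "reasons": reasons}


if __name__ == "__main__":
    for name, key in [("rtvrp_Host", HOST_KEY), ("rtvrp_Server", SERVER_KEY),
                      ("127.0.0.1", PEER_KEY), ("H3C003", CLIENT_KEY_H3C003)]:
        print(audit_key(name, key))
```

The Bits column of display rsa peer-public-key brief is this same modulus length. A modulus whose first byte is below 0x80 has a bit length one short of its byte length, which is why the decoder reports 1023 bits for the H3C003 key (its modulus starts with 0x73) while the 127.0.0.1 key, starting with 0xCF, reports 1024.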
1.1.11 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameters
None
Description
Use the rsa local-key-pair destroy command to destroy all the RSA key pairs of the server, including the host keys and server keys.
Related commands: rsa local-key-pair create.
Examples
# Destroy all the RSA keys of the server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa local-key-pair destroy
% Keys to be removed are named rtvrp_Host .
% Do you really want to remove these keys? [yes/no]:y
1.1.12 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameters
key-name: Name of the public key of the client. It is a consecutive string whose length ranges from 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter the public key view.
After entering the public key view with this command, use the public-key-code begin command to configure the client public key on the server. The client public key is the public half of the key pair generated by the SSH 2.0-enabled client software, exported from the client.
Related commands: public-key-code begin, public-key-code end.
Examples
# Enter the public key view named H3C002.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] rsa peer-public-key H3C002
[H3C-rsa-public-key]
1.1.13 ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameters
times: Number of authentication retries, in the range from 1 to 5. By default, the value is 3.
Description
Use the ssh server authentication-retries command to set the number of SSH connection authentication retries.
Use the undo ssh server authentication-retries command to restore the default number of SSH connection authentication retries.
Related commands: display ssh server.
Examples
# Specify the number of login authentication retries as 4.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server authentication-retries 4
1.1.14 ssh server compatible_ssh1x enable
Syntax
ssh server compatible_ssh1x enable
undo ssh server compatible_ssh1x
View
System view
Parameters
None
Description
Use the ssh server compatible_ssh1x enable command to make the server compatible with SSH 1.x clients.
Use the undo ssh server compatible_ssh1x command to make the server reject SSH 1.x clients.
By default, the server is compatible with SSH 1.x clients. When compatibility is on, the server advertises version SSH-1.99, as seen in the debugging ssh server output. SSH 1.x has known protocol-level weaknesses, so unless legacy SSH 1.x clients must be supported, disable compatibility with undo ssh server compatible_ssh1x so that only SSH 2.0 connections are accepted.
Examples
# Set the server to be compatible with the SSH 1.x client.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server compatible_ssh1x enable
1.1.15 ssh server rekey-interval
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameters
hours: Update interval of the server key, in range of 1 to 24 (hours). It cannot be 0.
Description
Use the ssh server rekey-interval command to set update interval of the server key.
Use the undo ssh server rekey-interval command to remove the configuration.
By default, the system does not update the server key.
Related commands: display ssh server
Examples
# Set to update the server key every three hours.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server rekey-interval 3
1.1.16 ssh server timeout
Syntax
ssh server timeout seconds
undo ssh server timeout
View
System view
Parameters
seconds: Login timeout (in seconds), in the range from 1 to 120. By default, the value is 60.
Description
Use the ssh server timeout command to set the authentication timeout of SSH connections.
Use the undo ssh server timeout command to restore the default SSH authentication timeout.
The configuration takes effect at the next login.
Related commands: display ssh server.
Examples
# Set the login timeout to 80 seconds.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh server timeout 80
1.1.17 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameters
keyname: Name of the client public key. It is a consecutive string whose length ranges from 1 to 64 characters.
username: Valid SSH username. It is a consecutive string whose length ranges from 1 to 32 characters.
Description
Use the ssh user assign rsa-key command to assign an existing public key for the specified SSH user.
Use the undo ssh user assign rsa-key command to cancel the corresponding relationship between the user and the public key.
The new public key takes effect at the next login.
If a public key already exists before this command is performed, the newly configured key takes effect.
Related commands: display ssh user-information.
Examples
# Assign public key1 for user zhangsan.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user zhangsan assign rsa-key key1
1.1.18 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
View
System view
Parameters
password: Forces the user’s authentication mode to password authentication.
rsa: Forces the user’s authentication mode to RSA public key authentication.
password-publickey: Forces the user’s authentication mode to password authentication plus RSA public key authentication.
all: Specifies that the user’s authentication mode can be either password authentication or RSA public key authentication.
Description
Use the ssh user authentication-type command to specify an authentication mode for a user.
Use the undo ssh user authentication-type command to restore the user’s authentication mode to NULL, which means the user cannot log in.
The new authentication mode takes effect at the next login.
By default, no login authentication mode is specified, that is, SSH users are unable to login.
For a new user, you must specify an authentication mode; otherwise, the new user will not be able to log in.
Related commands: display ssh user-information.
Examples
# Specify the authentication mode of user zhangsan to password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user zhangsan authentication-type password
1.1.19 ssh authentication-type default
Syntax
ssh authentication-type default { password | rsa | all | password-publickey }
undo ssh authentication-type default
View
System view
Parameters
password: Configures the default user authentication mode as password authentication.
rsa: Configures the default user authentication mode as RSA public key authentication.
all: Specifies that the default user authentication mode can be either password authentication or public key authentication.
password-publickey: Configures the default user authentication mode as a combination of password authentication and public key authentication.
Description
Use the ssh authentication-type default command to configure the default authentication mode for SSH users.
Use the undo ssh authentication-type default command to cancel the default authentication mode for SSH users.
The default authentication mode is NULL, which means that an authentication mode needs to be configured for each SSH user.
Examples
# Configure the default user authentication mode as password authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh authentication-type default password
1.2 SSH Client Configuration Commands
1.2.1 display ssh server-info
Syntax
display ssh server-info
View
Any view
Parameters
None
Description
Use the display ssh server-info command to view the corresponding relationship between the client’s servers and public keys.
Examples
# Display the corresponding relationship between the client’s servers and public keys.
<H3C> display ssh server-info
Server Name(IP) Server public key name
192.168.0.1 test_key01
192.168.0.2 test_key02
1.2.2 quit
Syntax
quit
View
User view
Parameters
None
Description
Use the quit command to terminate the connection with the remote SSH server.
Examples
# Terminate the connection with the remote SSH server.
<H3C> quit
1.2.3 ssh client assign rsa-key
Syntax
ssh client server-ip assign rsa-key keyname
undo ssh client server-ip assign rsa-key
View
System view
Parameters
server-ip: IP address of the server.
keyname: Name of the server’s public key as configured on the client.
Description
Use the ssh client assign rsa-key command to specify the IP address and the corresponding public key name of the server on the client.
Use the undo ssh client assign rsa-key command to cancel the configuration.
Examples
# Specify the public key of a server with IP address 192.168.0.1 on the client as serverkey01.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client 192.168.0.1 assign rsa-key serverkey01
1.2.4 ssh client first-time enable
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Parameters
None
Description
Use the ssh client first-time enable command to let the SSH client accept a server for which it holds no public key on the first connection (first-time authentication).
Use the undo ssh client first-time command to disable first-time authentication.
With first-time authentication, when the client connects to a server for which there is no local copy of the server’s public key, the connection proceeds and the client saves the key the server presents; on later connections the saved key is used to authenticate the server.
Without first-time authentication, a server for which no local copy of the public key exists is treated as untrusted and the client refuses to connect. The server’s public key must then be installed beforehand by other means, for example by obtaining it out of band and binding it to the server address with ssh client assign rsa-key.
By default, the client does not perform the first-time authentication.
First-time authentication trusts whatever key is presented on the first connection, so a host positioned between client and server at that moment can have its own key saved as the server’s. Where that risk matters, leave it disabled and provision server keys in advance.
Examples
# Set the SSH client to perform the first-time authentication of the SSH server to be accessed.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh client first-time enable
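A model of the client-side decision described for ssh client assign rsa-key (1.2.3) and ssh client first-time enable (1.2.4). This is an added Python example, not H3C code; the server addresses and key blobs in it are constructed for illustration, and the refusal of a server whose stored key no longer matches goes slightly beyond the reference text, which only says the saved key is used to authenticate the server on later connections.

```python
"""Model of the server-authentication policy behind `ssh client first-time enable`
and `ssh client assign rsa-key`. Added example, not H3C code; server addresses
and key blobs are constructed for illustration."""
import hashlib


def fingerprint(key):
    """Short SHA-256 fingerprint of a raw public key blob, for messages."""
    return "SHA256:" + hashlib.sha256(key).hexdigest()[:16]


class ServerKeyStore:
    """Client-side table of server IP -> server public key (what display ssh
    server-info lists), plus the first-time authentication switch."""

    def __init__(self, first_time_enabled=False):  # reference default: disabled
        self.first_time_enabled = first_time_enabled
        self.keys = {}

    def assign(self, server_ip, key):
        """ssh client <server-ip> assign rsa-key: install a key obtained out of band."""
        self.keys[server_ip] = bytes(key)

    def authenticate_server(self, server_ip, presented_key):
        """Decide whether the connection to server_ip may proceed.

        Returns (accepted, reason). Follows the reference: with no stored key,
        first-time mode saves the presented key and proceeds, otherwise the
        server is refused. A stored key that differs from the presented one is
        refused in every mode; that mismatch is what an interposed host
        produces, and it is the case the stored copy exists to catch.
        """
        presented_key = bytes(presented_key)
        stored = self.keys.get(server_ip)
        if stored is None:
            if self.first_time_enabled:
                self.keys[server_ip] = presented_key
                return True, f"first-time: saved {fingerprint(presented_key)} for {server_ip}"
            return False, f"no local public key for {server_ip}; first-time authentication disabled"
        if stored == presented_key:
            return True, f"server key {fingerprint(stored)} matches local copy"
        return False, (f"server key changed for {server_ip}: stored {fingerprint(stored)}, "
                       f"presented {fingerprint(presented_key)}")


if __name__ == "__main__":
    # Constructed scenario: one server pre-provisioned, one learned on first contact.
    client = ServerKeyStore(first_time_enabled=False)
    client.assign("192.168.0.1", b"constructed-key-for-192.168.0.1")
    print(client.authenticate_server("192.168.0.1", b"constructed-key-for-192.168.0.1"))
    print(client.authenticate_server("192.168.0.1", b"some-other-key"))      # refused
    print(client.authenticate_server("192.168.0.2", b"unknown-server-key"))  # refused
    client.first_time_enabled = True
    print(client.authenticate_server("192.168.0.2", b"unknown-server-key"))  # saved
```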
1.2.5 ssh2
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameters
host-ip: IP address of the server.
host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number, ranges from 0 to 65535, and defaults to 22.
prefer_kex: Preferred key exchange algorithm, which can be one of the two algorithms.
dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is the default algorithm.
dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128.
prefer_stoc_cipher: Preferred encryption algorithm from the server to the client. The default algorithm is aes128.
des: Encryption algorithm des_cbc.
3des: Encryption algorithm 3des_cbc.
aes128: Encryption algorithm aes_128.
prefer_ctos_hmac: Preferred HMAC algorithm from the client to the server. The default algorithm is sha1_96.
prefer_stoc_hmac: Preferred HMAC algorithm from the server to the client. The default algorithm is sha1_96.
sha1: HMAC algorithm hmac-sha1.
sha1_96: HMAC algorithm hmac-sha1-96.
md5: HMAC algorithm hmac-md5.
md5_96: HMAC algorithm hmac-md5-96.
Description
Use the ssh2 command to enable the connection between the SSH client and the server, and specify the preferred key exchange algorithm, encryption algorithm and HMAC algorithm of the client and the server.
Examples
# Log in to remote SSH2 server with IP address 10.214.50.51, and configure encryption algorithms as follows:
• Preferred key exchange algorithm: dh_exchange_group
• Preferred encryption algorithm from the client to the server: 3DES-CBC
• Preferred HMAC algorithm from the client to the server: HMAC-MD5
• Preferred encryption algorithm from the server to the client: AES-128
• Preferred HMAC algorithm from the server to the client: HMAC-SHA1-96
The server-to-client preferences are the defaults (aes128 and sha1_96), so they are omitted from the command:
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_ctos_cipher 3des prefer_ctos_hmac md5
1.3 SFTP Server Configuration Commands
1.3.1 sftp server enable
Syntax
sftp server enable
undo sftp server
View
System view
Parameters
None
Description
Use the sftp server enable command to start the SFTP server.
Use the undo sftp server command to shut down the SFTP server.
By default, the SFTP server is shutdown.
Examples
# Start the SFTP server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp server enable
# Shutdown the SFTP server.
[H3C] undo sftp server
1.3.2 ssh service-type default
Syntax
ssh service-type default { all [ sftp-directory directory ] | sftp [ sftp-directory directory ] | stelnet }
undo ssh service-type default
View
System view
Parameters
all: Sets the default service type to both Stelnet and SFTP.
sftp: Sets the default service type to SFTP.
stelnet: Sets the default service type to Stelnet.
sftp-directory directory: Sets the default SFTP login directory.
Description
Use the ssh service-type default command to configure the default service type and SFTP login directory.
Use the undo ssh service-type default command to cancel the default service type and the SFTP login directory.
The default service type and the default SFTP login directory are both NULL.
Examples
# Set the default service type to SFTP and the default directory to cf:.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh service-type default sftp sftp-directory cf:
1.3.3 ssh user service-type
Syntax
ssh user username service-type { stelnet | sftp [ sftp-directory directory ] | all [ sftp-directory directory ] }
undo ssh user username service-type
View
System view
Parameters
username: Local username or username defined by a remote RADIUS server.
stelnet: Sets the service type to Stelnet.
sftp: Sets the service type to SFTP.
all: Includes Stelnet and SFTP.
sftp-directory directory: Specifies the default SFTP login directory, consisting of a string of 1 to 64 characters.
Description
Use the ssh user service-type command to specify the service type for a particular user.
Use the undo ssh user service-type command to restore the default service type.
By default, the service type is Stelnet.
Related commands: display ssh user-information.
When you configure the ssh user username service-type sftp sftp-directory directory command, make sure the input directory is existing on both the active and standby cards.
Examples
# Set the service type to SFTP and the directory to cf: for user zhangsan.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ssh user zhangsan service-type sftp sftp-directory cf:
1.4 SFTP Client Configuration Commands
1.4.1 bye
Syntax
bye
View
SFTP Client view
Parameters
None
Description
Use the bye command to terminate the connection with the remote SFTP server and return to the user view.
This command has the same functionality as the exit and quit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> bye
<H3C>
1.4.2 cd
Syntax
cd [ remote-path ]
View
SFTP Client view
Parameters
remote-path: Name of a path on the server.
Description
Use the cd command to change the current path on the SFTP server. If you do not specify the remote-path argument, the current path will be displayed.
Examples
# Change the current path to d:/temp.
sftp-client> cd d:/temp
1.4.3 cdup
Syntax
cdup
View
SFTP Client view
Parameters
None
Description
Use the cdup command to change the current path to its upper directory.
Examples
# Change the current path to its upper directory.
sftp-client> cdup
1.4.4 delete
Syntax
delete remote-file
View
SFTP Client view
Parameters
remote-file: Name of a file on the server.
Description
Use the delete command to delete the specified file from the server.
This command has the same functionality as the remove command.
Examples
# Delete file temp.c from the server.
sftp-client> delete temp.c
1.4.5 dir
Syntax
dir [ remote-path ]
View
SFTP Client view
Parameters
remote-path: Name of the directory to view.
Description
Use the dir command to view the files in the specified directory.
If the remote-path argument is not specified, the files in the current directory will be displayed.
This command has the same functionality as the ls command.
Examples
# View directory flash:/
sftp-client> dir flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
1.4.6 exit
Syntax
exit
View
SFTP Client view
Parameters
None
Description
Use the exit command to terminate the connection with the remote SFTP server and return to the user view.
This command has the same functionality as the bye and quit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> exit
<H3C>
1.4.7 get
Syntax
get remote-file [ local-file ]
View
SFTP Client view
Parameters
remote-file: Name of a file on the remote SFTP server.
local-file: Name of a local file.
Description
Use the get command to download a file from the remote server and save it locally.
If the local-file argument is not specified, the downloaded file is saved locally under the same name it has on the SFTP server.
Examples
# Download file temp1.c and save it with name temp.c.
sftp-client> get temp1.c temp.c
1.4.8 help
Syntax
help [ command ]
View
SFTP Client view
Parameters
command: Name of a command.
Description
Use the help command to view the help information for SFTP client commands.
If the command argument is not specified, all command names will be displayed.
Examples
# View the help information for the get command.
sftp-client> help get
get remote-path [local-path] Download file
Default local-path is the same with remote-path
1.4.9 ls
Syntax
ls [ remote-path ]
View
SFTP Client view
Parameters
remote-path: Name of the directory to view.
Description
Use the ls command to view the files in the specified directory.
If the remote-path argument is not specified, the files in the current directory will be displayed.
This command has the same functionality as the dir command.
Examples
# View directory flash:/.
sftp-client> ls flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
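As an added example (not from the H3C documentation), the following Python parses the long-format listing that both dir and ls print and compares two snapshots of the same directory, so that a key file that has appeared on flash: or a configuration file whose size or timestamp has changed can be spotted between two sessions. The first listing is the one shown above; the second snapshot, including the file pubkey3 and the changed config.cfg, is constructed for this example.

```python
import re

# Constructed inputs for this example. BEFORE is the flash:/ listing shown
# for dir/ls on this page; AFTER is an invented later snapshot of the same
# directory in which config.cfg has changed and a file pubkey3 has appeared.
BEFORE = """\
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
"""

AFTER = """\
-rwxrwxrwx 1 noone nogroup 1802 Sep 29 01:12 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 231 Sep 29 01:10 pubkey3
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
"""

# One listing line: type flag, nine mode characters, link count, owner,
# group, size in bytes, a "Mon DD HH:MM" timestamp, and the entry name.
LINE = re.compile(
    r"^([-d])([rwx-]{9})\s+\d+\s+\S+\s+\S+\s+(\d+)\s+"
    r"([A-Z][a-z]{2} +\d{1,2} +\d{2}:\d{2})\s+(\S+)$"
)


def parse_listing(text):
    """Return {name: {"dir": bool, "mode": str, "size": int, "mtime": str}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            raise ValueError("unrecognised listing line: %r" % line)
        kind, mode, size, mtime, name = m.groups()
        entries[name] = {"dir": kind == "d", "mode": mode,
                         "size": int(size), "mtime": mtime}
    return entries


def diff_listings(before_text, after_text):
    """Compare two listings of the same directory. An entry whose size or
    timestamp differs between the snapshots is reported as changed."""
    old, new = parse_listing(before_text), parse_listing(after_text)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(
        name for name in set(old) & set(new)
        if (old[name]["size"], old[name]["mtime"])
        != (new[name]["size"], new[name]["mtime"])
    )
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    for kind, names in diff_listings(BEFORE, AFTER).items():
        print("%-8s %s" % (kind, ", ".join(names) or "-"))
```

Paste the output of dir or ls into the two strings (or read it from the session log) to use this against a real device; because the listing carries no checksum, a change in size or timestamp is only an indication, and a get of the affected file is needed to confirm what changed.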
1.4.10 mkdir
Syntax
mkdir remote-path
View
SFTP Client view
Parameters
remote-path: Name of a directory on the remote SFTP server.
Description
Use the mkdir command to create a directory on the remote SFTP server.
Examples
# Create directory test on the remote SFTP server.
sftp-client> mkdir test
1.4.11 put
Syntax
put local-file [ remote-file ]
View
SFTP Client view
Parameters
local-file: Name of a local file.
remote-file: Name of a file on the remote SFTP server.
Description
Use the put command to upload a local file to the remote SFTP server.
If the remote-file argument is not specified, the file is stored on the remote server under the same name as the local file.
Examples
# Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.
sftp-client> put temp.c temp1.c
1.4.12 pwd
Syntax
pwd
View
SFTP Client view
Parameters
None
Description
Use the pwd command to display the current directory on the SFTP server.
Examples
# Display the current directory on the SFTP server.
sftp-client> pwd
flash:
1.4.13 quit
Syntax
quit
View
SFTP Client view
Parameters
None
Description
Use the quit command to terminate the connection with the remote SFTP server and return to the user view.
This command has the same functionality as the bye and exit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> quit
<H3C>
1.4.14 remove
Syntax
remove remote-file
View
SFTP Client view
Parameters
remote-file: Name of a file on the server.
Description
Use the remove command to delete the specified file from the server.
This command has the same functionality as the delete command.
Examples
# Delete the file temp.c from the server.
sftp-client> remove temp.c
1.4.15 rename
Syntax
rename oldname newname
View
SFTP Client view
Parameters
oldname: Original file name.
newname: New file name.
Description
Use the rename command to change the name of the specified file on the SFTP server.
Examples
# Rename the file temp1 on the SFTP server to temp2.
sftp-client> rename temp1 temp2
1.4.16 rmdir
Syntax
rmdir remote-path
View
SFTP Client view
Parameters
remote-path: Name of a directory on the remote SFTP server.
Description
Use the rmdir command to delete the specified directory from the SFTP server.
Examples
# Delete the directory d:/temp1 from the SFTP server.
sftp-client> rmdir d:/temp1
1.4.17 sftp
Syntax
sftp host-ip [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameters
host-ip: IP address of the server.
prefer_kex: Preferred key exchange algorithm, either diffie-hellman-group1-sha1 or diffie-hellman-group-exchange-sha1.
dh_group1: Key exchange algorithm diffie-hellman-group1-sha1, which is the default algorithm.
dh_exchange_group: Key exchange algorithm diffie-hellman-group-exchange-sha1.
prefer_ctos_cipher: Preferred encryption algorithm from the client to the server. The default algorithm is aes128.
prefer_stoc_cipher: Preferred encryption algorithm from the server to the client. The default algorithm is aes128.
des: Encryption algorithm des_cbc.
3des: Encryption algorithm 3des_cbc.
aes128: Encryption algorithm aes_128.
prefer_ctos_hmac: Preferred HMAC algorithm from the client to the server. The default algorithm is sha1_96.
prefer_stoc_hmac: Preferred HMAC algorithm from the server to the client. The default algorithm is sha1_96.
sha1: HMAC algorithm hmac-sha1.
sha1_96: HMAC algorithm hmac-sha1-96.
md5: HMAC algorithm hmac-md5.
md5_96: HMAC algorithm hmac-md5-96.
Description
Use the sftp command to establish a connection with the remote SFTP server and enter the SFTP Client view.
The prefer_* keywords set the algorithm the client offers first in each category; as in any SSH 2.0 negotiation, the algorithm actually used is the first one in the client's list that the server also supports. Note that des (56-bit key), md5 and md5_96 are weak choices, and that the default key exchange, diffie-hellman-group1-sha1, uses a 1024-bit group. Where the server supports them, specify dh_exchange_group, aes128 and sha1 explicitly rather than relying on the defaults.
Examples
# Connect to the SFTP server with IP address 10.214.49.126 using the default encryption algorithm.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] sftp 10.214.49.126
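As an added example (not from the H3C documentation), the following Python parses an sftp command line of the form documented above, fills in the documented defaults for any preference that is not given, reports the algorithm choices that a reviewer would reject, and rewrites the command with the strongest choices the syntax allows. The policy encoded in WEAK and STRONGEST is the editor's assumption, not something the page states; the keyword names, accepted values and defaults are those documented for the command.

```python
import re

# Keyword -> (configuration field, accepted values), as documented for the
# sftp command. The defaults are the ones stated in the parameter list.
OPTIONS = {
    "prefer_kex": ("kex", ("dh_group1", "dh_exchange_group")),
    "prefer_ctos_cipher": ("ctos_cipher", ("des", "3des", "aes128")),
    "prefer_stoc_cipher": ("stoc_cipher", ("des", "3des", "aes128")),
    "prefer_ctos_hmac": ("ctos_hmac", ("sha1", "sha1_96", "md5", "md5_96")),
    "prefer_stoc_hmac": ("stoc_hmac", ("sha1", "sha1_96", "md5", "md5_96")),
}
DEFAULTS = {"kex": "dh_group1", "ctos_cipher": "aes128", "stoc_cipher": "aes128",
            "ctos_hmac": "sha1_96", "stoc_hmac": "sha1_96"}

# Audit policy (editor's assumption, not from the page): values to reject.
WEAK = {
    "des": "single DES has a 56-bit key and is brute-forceable",
    "md5": "HMAC-MD5 is deprecated; use an SHA-1 based MAC",
    "md5_96": "HMAC-MD5-96 is deprecated and truncated to 96 bits",
    "dh_group1": "diffie-hellman-group1-sha1 uses a 1024-bit MODP group",
}
# Strongest choice per field among the values the command accepts.
STRONGEST = {"kex": "dh_exchange_group", "ctos_cipher": "aes128",
             "stoc_cipher": "aes128", "ctos_hmac": "sha1", "stoc_hmac": "sha1"}

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_sftp_command(line):
    """Parse 'sftp host-ip [prefer_* value ...]' into a configuration dict,
    applying the documented defaults. An optional leading prompt such as
    '[H3C]' is ignored so that a line copied from a session can be used."""
    tokens = line.strip().split()
    if tokens and tokens[0].startswith("["):
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] != "sftp":
        raise ValueError("not an sftp command: %r" % line)
    host = tokens[1]
    if not IPV4.match(host):
        raise ValueError("host-ip must be an IPv4 address: %r" % host)
    cfg = dict(DEFAULTS, host=host)
    rest = tokens[2:]
    if len(rest) % 2:
        raise ValueError("keyword without a value: %r" % rest[-1])
    seen = set()
    for kw, val in zip(rest[::2], rest[1::2]):
        if kw not in OPTIONS:
            raise ValueError("unknown keyword %r" % kw)
        field, allowed = OPTIONS[kw]
        if val not in allowed:
            raise ValueError("%s: %r is not one of %s" % (kw, val, allowed))
        if field in seen:
            raise ValueError("%s given twice" % kw)
        seen.add(field)
        cfg[field] = val
    return cfg


def audit(line):
    """Return one finding per field whose effective value (explicit or
    default) is in WEAK, in the order of DEFAULTS."""
    cfg = parse_sftp_command(line)
    return ["%s=%s: %s" % (field, cfg[field], WEAK[cfg[field]])
            for field in DEFAULTS if cfg[field] in WEAK]


def harden(line):
    """Rewrite the command with every preference stated explicitly and set
    to the strongest value the syntax allows."""
    cfg = parse_sftp_command(line)
    parts = ["sftp", cfg["host"]]
    for kw, (field, _) in OPTIONS.items():
        parts += [kw, STRONGEST[field]]
    return " ".join(parts)


if __name__ == "__main__":
    sample = "[H3C] sftp 10.214.49.126 prefer_ctos_cipher des"
    for finding in audit(sample):
        print("weak:", finding)
    print("hardened:", harden(sample))
```

Run against the example line above, audit reports the default key exchange even though no preference was typed, which is the point of filling in the defaults before checking: a command that looks innocuous still negotiates diffie-hellman-group1-sha1 first.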