10-SSH2.0 Commands
SSH2.0 server configuration commands
display ssh server
Syntax
display ssh server { session | status } [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
session: Displays the session information of the SSH server.
status: Displays the status information of the SSH server.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display ssh server on an SSH server to display SSH server status information or session information.
This command is also available on an SFTP server.
Related commands: ssh server authentication-retries, ssh server authentication-timeout, ssh server compatible-ssh1x enable, ssh server enable, and ssh server rekey-interval.
Examples
# Display the SSH server status information.
<Sysname> display ssh server status
SSH Server: Disable
SSH version : 1.99
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH Authentication retries : 3 time(s)
SFTP Server: Disable
SFTP Server Idle-Timeout: 10 minute(s)
Table 1 Command output
Field | Description |
---|---|
SSH Server | Whether the SSH server function is enabled. |
SSH version | SSH protocol version. When the SSH server supports SSH1, the protocol version is 1.99. Otherwise, the protocol version is 2.0. |
SSH authentication-timeout | Authentication timeout period. |
SSH server key generating interval | SSH server key pair update interval. |
SSH Authentication retries | Maximum number of SSH authentication attempts. |
SFTP Server | Whether the SFTP server function is enabled. |
SFTP Server Idle-Timeout | SFTP connection idle timeout period. |
# Display the SSH server session information.
<Sysname> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 DES Established 0 SFTP client001
Table 2 Command output
Field | Description |
---|---|
Conn | Connected VTY channel |
Ver | SSH server protocol version |
Encry | Encryption algorithm |
State | Status of the session: · Init—Initialization · Ver-exchange—Version negotiation · Keys-exchange—Keys exchange · Auth-request—Authentication request · Serv-request—Session service request · Established—The session is established · Disconnected—The session is disconnected |
Retry | Number of authentication attempts |
SerType | Service type (SFTP and Stelnet) |
Username | Name of a user for login |
display ssh user-information
Syntax
display ssh user-information [ username ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
username: SSH username, a string of 1 to 80 characters.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display ssh user-information on an SSH server to display information about SSH users.
This command is also available on an SFTP server.
This command displays only information about SSH users configured through the ssh user command on the SSH server.
Without the username argument, the command displays information about all SSH users.
Related commands: ssh user.
Examples
# Display information about all SSH users.
<Sysname> display ssh user-information
Total ssh users : 2
Username Authentication-type User-public-key-name Service-type
yemx password null stelnet|sftp
test publickey pubkey sftp
Table 3 Command output
Field | Description |
---|---|
Username | Name of the user. |
Authentication-type | Authentication method. If this field has a value of password, the next field will have a value of null. |
User-public-key-name | Public key of the user. |
Service-type | Service type. |
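Added example (not part of the original reference): a Python check that reads the output of display ssh server status, display ssh server session and display ssh user-information and reports the settings this reference describes as weaker, including the rule from the ssh user command that SSH1 clients pass password-publickey with either method. The sample output is constructed from the examples in this reference; the values Enable, AES and the 1.5 session version are assumptions about what a device prints.

```python
import re

# Constructed sample output, modeled on the examples in this reference.
# "Enable", "AES" and the "1.5" session version are assumed values.
STATUS = """\
SSH Server: Enable
SSH version : 1.99
SSH authentication-timeout : 60 second(s)
SSH server key generating interval : 0 hour(s)
SSH Authentication retries : 3 time(s)
SFTP Server: Disable
SFTP Server Idle-Timeout: 10 minute(s)
"""
SESSIONS = """\
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 DES Established 0 SFTP client001
VTY 1 2.0 AES Established 0 Stelnet admin
VTY 2 1.5 DES Auth-request 2 Stelnet legacy
"""
USERS = """\
Total ssh users : 3
Username Authentication-type User-public-key-name Service-type
yemx password null stelnet|sftp
test publickey pubkey sftp
ops password-publickey opskey stelnet
"""

SESSION_ROW = re.compile(
    r"^(VTY \d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)$")
SESSION_FIELDS = ("conn", "ver", "encry", "state", "retry", "sertype", "user")
USER_ROW = re.compile(
    r"^(\S+)\s+(password|any|password-publickey|publickey)\s+(\S+)\s+(\S+)$")
USER_FIELDS = ("user", "auth", "key", "service")


def parse_status(text):
    """Turn 'Field : value' lines into a dict (spaces around ':' vary)."""
    status = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            status[key.strip()] = value.strip()
    return status


def parse_rows(pattern, fields, text):
    """One dict per data row; header and summary lines do not match."""
    rows = []
    for line in text.splitlines():
        match = pattern.match(line.strip())
        if match:
            rows.append(dict(zip(fields, match.groups())))
    return rows


def audit(status_text, session_text, user_text):
    """Return (subject, finding) pairs for the three display outputs."""
    findings = []
    # Table 1: version 1.99 means the server also accepts SSH1 clients.
    ssh1_ok = parse_status(status_text).get("SSH version") == "1.99"
    if ssh1_ok:
        findings.append(("server", "SSH1 clients accepted (version 1.99)"))
    for s in parse_rows(SESSION_ROW, SESSION_FIELDS, session_text):
        if s["ver"] != "2.0":
            findings.append((s["conn"], f"non-SSH2 session for {s['user']}"))
        if s["encry"].upper() == "DES":
            findings.append((s["conn"], f"DES-encrypted session for {s['user']}"))
    for u in parse_rows(USER_ROW, USER_FIELDS, user_text):
        if u["auth"] in ("password", "any"):
            # 'any' lets the client choose, so a password alone is enough.
            findings.append((u["user"], "password alone is sufficient"))
        elif u["auth"] == "password-publickey" and ssh1_ok:
            # Per the ssh user parameters, SSH1 clients pass with either method.
            findings.append((u["user"], "SSH1 clients need only one method"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(STATUS, SESSIONS, USERS):
        print(f"{subject}: {finding}")
```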
ssh server authentication-retries
Syntax
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Default level
3: Manage level
Parameters
times: Specifies the maximum number of authentication attempts, in the range of 1 to 5.
Description
Use ssh server authentication-retries to set the maximum number of SSH connection authentication attempts.
Use undo ssh server authentication-retries to restore the default.
By default, the maximum number of SSH connection authentication attempts is 3.
This configuration takes effect only for the users trying to log in after the configuration.
Authentication will fail if the number of authentication attempts (including both publickey and password authentication) exceeds that specified in the ssh server authentication-retries command.
If the authentication method of SSH users is password-publickey, the maximum number of SSH connection authentication attempts must be at least 2. This is because SSH2.0 users must pass both password and publickey authentication.
Related commands: display ssh server.
Examples
# Set the maximum number of SSH connection authentication attempts to 4.
<Sysname> system-view
[Sysname] ssh server authentication-retries 4
ssh server authentication-timeout
Syntax
ssh server authentication-timeout time-out-value
undo ssh server authentication-timeout
View
System view
Default level
3: Manage level
Parameters
time-out-value: Authentication timeout period in seconds, in the range of 1 to 120.
Description
Use ssh server authentication-timeout to set the SSH user authentication timeout period on the SSH server.
Use undo ssh server authentication-timeout to restore the default.
By default, the authentication timeout period is 60 seconds.
Related commands: display ssh server.
Examples
# Set the SSH user authentication timeout period to 10 seconds.
<Sysname> system-view
[Sysname] ssh server authentication-timeout 10
ssh server compatible-ssh1x enable
Syntax
ssh server compatible-ssh1x enable
undo ssh server compatible-ssh1x
View
System view
Default level
3: Manage level
Parameters
None
Description
Use ssh server compatible-ssh1x enable to enable the SSH server to support SSH1 clients.
Use undo ssh server compatible-ssh1x to disable the SSH server from supporting SSH1 clients.
By default, the SSH server supports SSH1 clients.
The configuration takes effect only for clients that log in after the configuration.
Related commands: display ssh server.
Examples
# Enable the SSH server to support SSH1 clients.
<Sysname> system-view
[Sysname] ssh server compatible-ssh1x enable
ssh server enable
Syntax
ssh server enable
undo ssh server enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use ssh server enable to enable the SSH server function.
Use undo ssh server enable to disable the SSH server function.
By default, the SSH server function is disabled.
Examples
# Enable the SSH server function.
<Sysname> system-view
[Sysname] ssh server enable
ssh server rekey-interval
Syntax
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Default level
3: Manage level
Parameters
hours: Server key pair update interval in hours, in the range of 1 to 24.
Description
Use ssh server rekey-interval to set the interval for updating the RSA server key.
Use undo ssh server rekey-interval to restore the default.
By default, the update interval of the RSA server key is 0. That is, the RSA server key is not updated.
Related commands: display ssh server.
This command is only available to SSH users using SSH1 client software.
The system does not update any ECDSA key pair periodically.
Examples
# Set the RSA server key pair update interval to 3 hours.
<Sysname> system-view
[Sysname] ssh server rekey-interval 3
ssh user
Syntax
ssh user username service-type stelnet authentication-type { password | { any | password-publickey | publickey } assign publickey keyname }
ssh user username service-type { all | sftp } authentication-type { password | { any | password-publickey | publickey } assign publickey keyname work-directory directory-name }
undo ssh user username
View
System view
Default level
3: Manage level
Parameters
username: SSH username, a case-sensitive string of 1 to 80 characters.
service-type: Specifies the service type of an SSH user, which can be one of the following:
· all: Specifies both secure Telnet and secure FTP.
· sftp: Specifies the service type as secure FTP.
· stelnet: Specifies the service type of secure Telnet.
authentication-type: Specifies the authentication method of an SSH user, which can be one of the following:
· password: Performs password authentication. This authentication method features easy and fast encryption, but it is vulnerable. It can work with AAA to implement user authentication, authorization, and accounting.
· any: Performs either password authentication or publickey authentication.
· password-publickey: Performs both password authentication and publickey authentication (featuring higher security) if the client runs SSH2, and performs either type of authentication if the client runs SSH1.
· publickey: Performs publickey authentication. This authentication method has the downside of complicated and slow encryption, but it provides strong authentication that can defend against brute-force attacks. This authentication method is easy to use. Once it is configured, the authentication process completes automatically without the need of remembering or entering any password.
assign publickey keyname: Assigns an existing public key to an SSH user. keyname indicates the name of the client public key and is a string of 1 to 64 characters.
work-directory directory-name: Specifies the working directory for an SFTP user. directory-name indicates the name of the working directory and is a string of 1 to 135 characters.
Description
Use ssh user to create an SSH user and specify the service type and authentication method.
Use undo ssh user to delete an SSH user.
For a publickey authentication user, you must configure the username and the public key on the device. For a password authentication user, you can configure the account information on either the device or the remote authentication server such as a RADIUS server.
If you use the ssh user command to configure a public key for a user who has already had a public key, the new one overwrites the old one.
You can change the authentication method and public key of an SSH user when the user is communicating with the SSH server. However, your changes take effect only after the user logs out and logs in again.
If an SFTP user has been assigned a public key, it is necessary to set a working folder for the user.
The working folder of an SFTP user depends on the user authentication method. For a user using only password authentication, the working folder is the AAA authorized one. For a user using only publickey authentication or using both publickey authentication and password authentication, the working folder is the one set by using the ssh user command.
Related commands: display ssh user-information.
Examples
# Create an SSH user named user1, setting the service type as sftp, the authentication method as publickey, the working directory of the SFTP server as flash:, and assigning a public key named key1 to the user.
<Sysname> system-view
[Sysname] ssh user user1 service-type sftp authentication-type publickey assign publickey key1 work-directory flash:
SSH2.0 client configuration commands
display ssh client source
Syntax
display ssh client source [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display ssh client source to display the source IP address or source interface information on an SSH client.
If neither source IP address nor source interface is specified for the SSH client, the system will display the message "Neither source IP address nor source interface was specified for the Stelnet client."
Related commands: ssh client source.
Examples
# Display the source IP address or source interface of the SSH client.
<Sysname> display ssh client source
The source IP address you specified is 192.168.0.1
display ssh server-info
Syntax
display ssh server-info [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display ssh server-info on an SSH client to display the mappings between SSH servers and their host public keys saved on the client.
This command is also available on an SFTP client.
When an SSH client needs to authenticate the SSH server, it uses the locally saved public key of the server for the authentication. If the authentication fails, you can use this command to check the public key of the server saved on the client.
Related commands: ssh client authentication server.
Examples
# Display the mappings between host public keys and SSH servers saved on the client.
<Sysname> display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
Table 4 Command output
Field | Description |
---|---|
Server Name(IP) | Name or IP address of the server |
Server public key name | Name of the host public key of the server |
ssh client authentication server
Syntax
ssh client authentication server server assign publickey keyname
undo ssh client authentication server server assign publickey
View
System view
Default level
2: System level
Parameters
server: IP address or name of the server, a string of 1 to 80 characters.
assign publickey keyname: Specifies the name of the host public key of the server, a string of 1 to 64 characters.
Description
Use ssh client authentication server on a client to configure the host public key of a specified server so that the client can determine whether the server is trustworthy.
Use undo ssh client authentication server to remove the configuration.
By default, the host public key of the server is not configured, and when logging into the server, the client uses the IP address or host name used for login as the public key name.
If the client does not support first-time authentication, it will reject unauthenticated servers. In this case, you need to configure the public keys of the servers and specify the mappings between public keys and servers on the client, so that the client uses the correct public key of a server to authenticate the server.
The specified host public key of the server must already exist.
Related commands: ssh client first-time enable.
Examples
# Configure the public key of the server with the IP address of 192.168.0.1 to be key1.
<Sysname> system-view
[Sysname] ssh client authentication server 192.168.0.1 assign publickey key1
ssh client first-time enable
Syntax
ssh client first-time enable
undo ssh client first-time
View
System view
Default level
2: System level
Parameters
None
Description
Use ssh client first-time enable to enable the first-time authentication function.
Use undo ssh client first-time to disable the function.
By default, the function is enabled.
With first-time authentication, when an SSH client not configured with the server host public key accesses the server for the first time, the user can continue accessing the server, and save the host public key on the client. When accessing the server again, the client will use the saved server host public key to authenticate the server.
Without first-time authentication, a client not configured with the server host public key will refuse to access the server. To access the server, a user must configure in advance the server host public key locally and specify the public key name for authentication.
Because the server might update its key pairs periodically, clients must obtain the most recent public keys of the server for successful authentication of the server.
Examples
# Enable the first-time authentication function.
<Sysname> system-view
[Sysname] ssh client first-time enable
ssh client ipv6 source
Syntax
ssh client ipv6 source { ipv6 ipv6-address | interface interface-type interface-number }
undo ssh client ipv6 source
View
System view
Default level
3: Manage level
Parameters
ipv6 ipv6-address: Specifies a source IPv6 address.
interface interface-type interface-number: Specifies a source interface by its type and number.
Description
Use ssh client ipv6 source to specify the source IPv6 address or source interface for the SSH client.
Use undo ssh client ipv6 source to remove the configuration.
By default, an SSH client uses the IPv6 address of the interface specified by the route of the device to access the SSH server.
Related commands: display ssh client source.
Examples
# Specify the source IPv6 address as 2:2::2:2 for the SSH client.
<Sysname> system-view
[Sysname] ssh client ipv6 source ipv6 2:2::2:2
ssh client source
Syntax
ssh client source { ip ip-address | interface interface-type interface-number }
undo ssh client source
View
System view
Default level
3: Manage level
Parameters
ip ip-address: Specifies a source IPv4 address.
interface interface-type interface-number: Specifies a source interface by its type and number.
Description
Use ssh client source to specify the source IPv4 address or source interface of the SSH client.
Use undo ssh client source to remove the configuration.
By default, an SSH client uses the IP address of the interface specified by the route of the device to access the SSH server.
Related commands: display ssh client source.
Examples
# Specify the source IPv4 address of the SSH client as 192.168.0.1.
<Sysname> system-view
[Sysname] ssh client source ip 192.168.0.1
ssh2
Syntax
ssh2 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
View
User view
Default level
0: Visit level
Parameters
server: Specifies the IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.
prefer-ctos-cipher: Specifies the preferred encryption algorithm from client to server, defaulted to aes128.
· 3des: Specifies the encryption algorithm 3des-cbc.
· aes128: Specifies the encryption algorithm aes128-cbc.
· des: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred HMAC algorithm from client to server, defaulted to sha1-96.
· md5: Specifies the HMAC algorithm hmac-md5.
· md5-96: Specifies the HMAC algorithm hmac-md5-96.
· sha1: Specifies the HMAC algorithm hmac-sha1.
· sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm, defaulted to dh-group-exchange.
· dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
· dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
· dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client, defaulted to aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client, defaulted to sha1-96.
Description
Use ssh2 to establish a connection to an IPv4 SSH server and specify the publickey algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server.
Examples
# Log in to remote SSH2.0 server 10.214.50.51, using the following algorithms:
· The preferred key exchange algorithm is dh-group1.
· The preferred encryption algorithm from server to client is aes128.
· The preferred HMAC algorithm from client to server is md5.
· The preferred HMAC algorithm from server to client is sha1-96.
<Sysname> ssh2 10.214.50.51 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
ssh2 ipv6
Syntax
ssh2 ipv6 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
View
User view
Default level
0: Visit level
Parameters
server: Specifies the IPv6 address or host name of the server, a case-insensitive string of 1 to 46 characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.
prefer-ctos-cipher: Specifies the preferred encryption algorithm from client to server, defaulted to aes128.
· 3des: Specifies the encryption algorithm 3des-cbc.
· aes128: Specifies the encryption algorithm aes128-cbc.
· des: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred HMAC algorithm from client to server, defaulted to sha1-96.
· md5: Specifies the HMAC algorithm hmac-md5.
· md5-96: Specifies the HMAC algorithm hmac-md5-96.
· sha1: Specifies the HMAC algorithm hmac-sha1.
· sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm, defaulted to dh-group-exchange.
· dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
· dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
· dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client, defaulted to aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client, defaulted to sha1-96.
Description
Use ssh2 ipv6 to establish a connection to an IPv6 SSH server and specify the publickey algorithm, the preferred key exchange algorithm, and the preferred encryption algorithms and preferred HMAC algorithms between the client and server.
Examples
# Log in to remote SSH2.0 server 2000::1, setting the algorithms as follows:
· The preferred key exchange algorithm is dh-group1.
· The preferred encryption algorithm from server to client is aes128.
· The preferred HMAC algorithm from client to server is md5.
· The preferred HMAC algorithm from server to client is sha1-96.
<Sysname> ssh2 ipv6 2000::1 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
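Added example, not part of the original reference: a Python helper that resolves an ssh2 or ssh2 ipv6 command line to the algorithm names listed under Parameters, filling in the documented defaults, and flags the preferred algorithms a configuration review would question. The WEAK table is this example's own policy assumption; the options only set preferences, so the algorithm actually negotiated still depends on the server.

```python
# Keyword -> SSH algorithm name, as listed under Parameters for ssh2.
CIPHERS = {"3des": "3des-cbc", "aes128": "aes128-cbc", "des": "des-cbc"}
HMACS = {"md5": "hmac-md5", "md5-96": "hmac-md5-96",
         "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96"}
KEXES = {"dh-group-exchange": "diffie-hellman-group-exchange-sha1",
         "dh-group1": "diffie-hellman-group1-sha1",
         "dh-group14": "diffie-hellman-group14-sha1"}

# Option -> (keyword table, documented default keyword).
OPTIONS = {
    "prefer-ctos-cipher": (CIPHERS, "aes128"),
    "prefer-stoc-cipher": (CIPHERS, "aes128"),
    "prefer-ctos-hmac": (HMACS, "sha1-96"),
    "prefer-stoc-hmac": (HMACS, "sha1-96"),
    "prefer-kex": (KEXES, "dh-group-exchange"),
}

# Review policy assumed for this example; it is not part of the reference.
WEAK = {
    "des-cbc": "56-bit DES key",
    "diffie-hellman-group1-sha1": "fixed 1024-bit DH group",
    "hmac-md5": "MD5-based MAC",
    "hmac-md5-96": "MD5-based MAC",
}

# The IPv4 example command from this reference, prompt included.
SAMPLE = ("<Sysname> ssh2 10.214.50.51 prefer-kex dh-group1 "
          "prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96")


def resolve(command):
    """Parse an ssh2 / ssh2 ipv6 command line and fill in documented defaults."""
    tokens = command.split()
    if tokens and tokens[0].startswith("<"):      # drop a "<Sysname>" prompt
        tokens.pop(0)
    if not tokens or tokens.pop(0) != "ssh2":
        raise ValueError("not an ssh2 command")
    ipv6 = bool(tokens) and tokens[0] == "ipv6"
    if ipv6:
        tokens.pop(0)
    if not tokens:
        raise ValueError("server is missing")
    server = tokens.pop(0)
    port = 22                                     # documented default port
    if tokens and tokens[0].isdigit():
        port = int(tokens.pop(0))
    keywords = {opt: default for opt, (_, default) in OPTIONS.items()}
    while tokens:                                 # options may come in any order
        opt = tokens.pop(0)
        if opt not in OPTIONS or not tokens:
            raise ValueError(f"unexpected token: {opt}")
        value = tokens.pop(0)
        if value not in OPTIONS[opt][0]:
            raise ValueError(f"{opt} does not accept {value}")
        keywords[opt] = value
    algorithms = {opt: OPTIONS[opt][0][kw] for opt, kw in keywords.items()}
    return {"server": server, "ipv6": ipv6, "port": port,
            "algorithms": algorithms}


def review(command):
    """Return (option, algorithm, reason) for each weak preferred algorithm."""
    algorithms = resolve(command)["algorithms"]
    return [(opt, alg, WEAK[alg])
            for opt, alg in algorithms.items() if alg in WEAK]


if __name__ == "__main__":
    for option, algorithm, reason in review(SAMPLE):
        print(f"{option}: {algorithm} ({reason})")
```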
SFTP server configuration commands
sftp server enable
Syntax
sftp server enable
undo sftp server enable
View
System view
Default level
3: Manage level
Parameters
None
Description
Use sftp server enable to enable SFTP server.
Use undo sftp server enable to disable SFTP server.
By default, SFTP server is disabled.
Related commands: display ssh server.
Examples
# Enable SFTP server.
<Sysname> system-view
[Sysname] sftp server enable
sftp server idle-timeout
Syntax
sftp server idle-timeout time-out-value
undo sftp server idle-timeout
View
System view
Default level
3: Manage level
Parameters
time-out-value: Specifies the timeout period in minutes. It ranges from 1 to 35,791.
Description
Use sftp server idle-timeout to set the idle timeout period for SFTP user connections.
Use undo sftp server idle-timeout to restore the default.
By default, the idle timeout period is 10 minutes.
Related commands: display ssh server.
Examples
# Set the idle timeout period for SFTP user connections to 500 minutes.
<Sysname> system-view
[Sysname] sftp server idle-timeout 500
SFTP client configuration commands
bye
Syntax
bye
View
SFTP client view
Default level
3: Manage level
Parameters
None
Description
Use bye to terminate the connection with a remote SFTP server and return to user view.
This command functions as the exit and quit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> bye
Bye
Connection closed.
<Sysname>
cd
Syntax
cd [ remote-path ]
View
SFTP client view
Default level
3: Manage level
Parameters
remote-path: Name of a path on the server.
Description
Use cd to change the working path on a remote SFTP server. With the argument not specified, the command displays the current working path.
You can use the cd .. command to return to the upper-level directory.
You can use the cd / command to return to the root directory of the system.
Examples
# Change the working path to new1.
sftp-client> cd new1
Current Directory is:
/new1
cdup
Syntax
cdup
View
SFTP client view
Default level
3: Manage level
Parameters
None
Description
Use cdup to return to the upper-level directory.
Examples
# From the current working directory /new1, return to the upper-level directory.
sftp-client> cdup
Current Directory is:
/
delete
Syntax
delete remote-file&<1-10>
View
SFTP client view
Default level
3: Manage level
Parameters
remote-file&<1-10>: Specifies names of files on the server. &<1-10> means that you can provide up to 10 filenames, which are separated by spaces.
Description
Use delete to delete files from a server.
This command functions as the remove command.
Examples
# Delete file temp.c from the server.
sftp-client> delete temp.c
The following files will be deleted:
/temp.c
Are you sure to delete it? [Y/N]:y
This operation might take a long time. Please wait...
File successfully Removed
dir
Syntax
dir [ -a | -l ] [ remote-path ]
View
SFTP client view
Default level
3: Manage level
Parameters
-a: Displays the names of the files and sub-directories under the specified directory.
-l: Displays the detailed information of the files and sub-directories under the specified directory in the form of a list.
remote-path: Name of the directory to be queried.
Description
Use dir to display information about the files and sub-directories under a specified directory.
With neither the -a nor the -l keyword specified, the command displays detailed information of the files and sub-directories under the specified directory in the form of a list.
With the remote-path not specified, the command displays information about the files and sub-directories of the current working directory.
This command functions as the ls command.
Examples
# Display detailed information about the files and sub-directories under the current working directory in the form of a list.
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
display sftp client source
Syntax
display sftp client source [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
1: Monitor level
Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display sftp client source to display the source IP address or source interface currently set for the SFTP client.
If neither source IP address nor source interface is specified for the SFTP client, the system will display the message "Neither source IP address nor source interface was specified for the SFTP client."
Related commands: sftp client source.
Examples
# Display the source IP address of the SFTP client.
<Sysname> display sftp client source
The source IP address you specified is 192.168.0.1
exit
Syntax
exit
View
SFTP client view
Default level
3: Manage level
Parameters
None
Description
Use exit to terminate the connection with a remote SFTP server and return to user view.
This command functions as the bye and quit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> exit
Bye
Connection closed.
<Sysname>
get
Syntax
get remote-file [ local-file ]
View
SFTP client view
Default level
3: Manage level
Parameters
remote-file: Name of a file on the remote SFTP server.
local-file: Name for the local file.
Description
Use get to download a file from a remote SFTP server and save it locally.
If you do not specify the local-file argument, the file will be saved locally with the same name as that on the remote SFTP server.
Examples
# Download file temp1.c and save it as temp.c locally.
sftp-client> get temp1.c temp.c
Remote file:/temp1.c ---> Local file: temp.c
Downloading file successfully ended
help
Syntax
help [ all | command-name ]
View
SFTP client view
Default level
3: Manage level
Parameters
all: Displays a list of all commands.
command-name: Name of a command.
Description
Use help to display a list of all commands or the help information of an SFTP client command.
With neither the argument nor the keyword specified, the command displays a list of all commands.
Examples
# Display the help information of the get command.
sftp-client> help get
get remote-path [local-path] Download file.Default local-path is the same
as remote-path
ls
Syntax
ls [ -a | -l ] [ remote-path ]
View
SFTP client view
Default level
3: Manage level
Parameters
-a: Displays the filenames and the folder names of the specified directory.
-l: Displays in a list form detailed information of the files and folders of the specified directory.
remote-path: Name of the directory to be queried.
Description
Use ls to display file and folder information under a specified directory.
If neither the -a nor the -l keyword is specified, the command displays detailed information about the files and folders under the specified directory in list form.
With the remote-path not specified, the command displays the file and folder information of the current working directory.
This command functions as the dir command.
Examples
# Display detailed file and folder information for the current working directory in list form.
sftp-client> ls
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
mkdir
Syntax
mkdir remote-path
View
SFTP client view
Default level
3: Manage level
Parameters
remote-path: Name for the directory on a remote SFTP server.
Description
Use mkdir to create a directory on a remote SFTP server.
Examples
# Create a directory named test on the remote SFTP server.
sftp-client> mkdir test
New directory created
put
Syntax
put local-file [ remote-file ]
View
SFTP client view
Default level
3: Manage level
Parameters
local-file: Name of a local file.
remote-file: Name for the file on a remote SFTP server.
Description
Use put to upload a local file to a remote SFTP server.
If you do not specify the remote-file argument, the file will be saved remotely with the same name as the local one.
Examples
# Upload local file temp.c to the remote SFTP server and save it as temp1.c.
sftp-client> put temp.c temp1.c
Local file:temp.c ---> Remote file: /temp1.c
Uploading file successfully ended
pwd
Syntax
pwd
View
SFTP client view
Default level
3: Manage level
Parameters
None
Description
Use pwd to display the current working directory of a remote SFTP server.
Examples
# Display the current working directory of the remote SFTP server.
sftp-client> pwd
/
quit
Syntax
quit
View
SFTP client view
Default level
3: Manage level
Parameters
None
Description
Use quit to terminate the connection with a remote SFTP server and return to user view.
This command functions as the bye and exit commands.
Examples
# Terminate the connection with the remote SFTP server.
sftp-client> quit
Bye
Connection closed.
<Sysname>
remove
Syntax
remove remote-file&<1-10>
View
SFTP client view
Default level
3: Manage level
Parameters
remote-file&<1-10>: Specifies names of files on an SFTP server. &<1-10> means that you can provide up to 10 filenames, separated by spaces.
Description
Use remove to delete files from a remote server.
This command functions as the delete command.
Examples
# Delete file temp.c from the server.
sftp-client> remove temp.c
The following files will be deleted:
/temp.c
Are you sure to delete it? [Y/N]:y
This operation might take a long time.Please wait...
File successfully Removed
rename
Syntax
rename oldname newname
View
SFTP client view
Default level
3: Manage level
Parameters
oldname: Specifies the name of an existing file or directory.
newname: Specifies the new name for the file or directory.
Description
Use rename to change the name of a specified file or directory on an SFTP server.
Examples
# Change the name of a file on the SFTP server from temp1.c to temp2.c.
sftp-client> rename temp1.c temp2.c
File successfully renamed
rmdir
Syntax
rmdir remote-path&<1-10>
View
SFTP client view
Default level
3: Manage level
Parameters
remote-path&<1-10>: Specifies names of directories on the remote SFTP server. &<1-10> means that you can provide up to 10 directory names, separated by spaces.
Description
Use rmdir to delete the specified directories from an SFTP server.
Examples
# On the SFTP server, delete directory temp1 in the current directory.
sftp-client> rmdir temp1
Directory successfully removed
sftp
Syntax
sftp server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
View
User view
Default level
3: Manage level
Parameters
server: Specifies the IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.
prefer-ctos-cipher: Specifies the preferred encryption algorithm from client to server. The default is aes128.
· 3des: Specifies the encryption algorithm 3des-cbc.
· aes128: Specifies the encryption algorithm aes128-cbc.
· des: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred HMAC algorithm from client to server. The default is sha1-96.
· md5: Specifies the HMAC algorithm hmac-md5.
· md5-96: Specifies the HMAC algorithm hmac-md5-96.
· sha1: Specifies the HMAC algorithm hmac-sha1.
· sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange.
· dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
· dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
· dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client. The default is aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client. The default is sha1-96.
Description
Use sftp to establish a connection to a remote IPv4 SFTP server and enter SFTP client view.
When the client's authentication method is publickey, the client needs to get the local private key for validation. As the publickey authentication includes RSA and ECDSA algorithms, you must specify an algorithm (by using the identity-key keyword) in order to get the correct data for the local private key. By default, the publickey algorithm is ECDSA.
Examples
# Connect to SFTP server 10.1.1.2, using the following algorithms:
· The preferred key exchange algorithm is dh-group1.
· The preferred encryption algorithm from server to client is aes128.
· The preferred HMAC algorithm from client to server is md5.
· The preferred HMAC algorithm from server to client is sha1-96.
<Sysname> sftp 10.1.1.2 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
Input Username:
sftp client ipv6 source
Syntax
sftp client ipv6 source { ipv6 ipv6-address | interface interface-type interface-number }
undo sftp client ipv6 source
View
System view
Default level
3: Manage level
Parameters
ipv6 ipv6-address: Specifies a source IPv6 address.
interface interface-type interface-number: Specifies a source interface by its type and number.
Description
Use sftp client ipv6 source to specify the source IPv6 address or source interface for an SFTP client.
Use undo sftp client ipv6 source to remove the configuration.
By default, an SFTP client uses the IPv6 address of the interface specified by the route of the device to access the SFTP server.
Related commands: display sftp client source.
Examples
# Specify the source IPv6 address of the SFTP client as 2:2::2:2.
<Sysname> system-view
[Sysname] sftp client ipv6 source ipv6 2:2::2:2
sftp client source
Syntax
sftp client source { ip ip-address | interface interface-type interface-number }
undo sftp client source
View
System view
Default level
3: Manage level
Parameters
ip ip-address: Specifies a source IPv4 address.
interface interface-type interface-number: Specifies a source interface by its type and number.
Description
Use sftp client source to specify the source IPv4 address or interface of an SFTP client.
Use undo sftp client source to remove the configuration.
By default, an SFTP client uses the IP address of the interface specified by the route of the device to access the SFTP server.
Related commands: display sftp client source.
Examples
# Specify the source IP address of the SFTP client as 192.168.0.1.
<Sysname> system-view
[Sysname] sftp client source ip 192.168.0.1
sftp ipv6
Syntax
sftp ipv6 server [ port-number ] [ prefer-ctos-cipher { 3des | aes128 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
View
User view
Default level
3: Manage level
Parameters
server: Specifies the IPv6 address or host name of the server, a case-insensitive string of 1 to 46 characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.
prefer-ctos-cipher: Specifies the preferred encryption algorithm from client to server. The default is aes128.
· 3des: Specifies the encryption algorithm 3des-cbc.
· aes128: Specifies the encryption algorithm aes128-cbc.
· des: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred HMAC algorithm from client to server. The default is sha1-96.
· md5: Specifies the HMAC algorithm hmac-md5.
· md5-96: Specifies the HMAC algorithm hmac-md5-96.
· sha1: Specifies the HMAC algorithm hmac-sha1.
· sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange.
· dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.
· dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
· dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client. The default is aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client. The default is sha1-96.
Description
Use sftp ipv6 to establish a connection to a remote IPv6 SFTP server and enter SFTP client view.
When the client's authentication method is publickey, the client needs to get the local private key for validation. As the publickey authentication includes RSA and ECDSA algorithms, you must specify an algorithm (by using the identity-key keyword) in order to get the correct data for the local private key. By default, the publickey algorithm is ECDSA.
Examples
# Connect to server 2:5::8:9, using the following algorithms:
· The preferred key exchange algorithm is dh-group1.
· The preferred encryption algorithm from server to client is aes128.
· The preferred HMAC algorithm from client to server is md5.
· The preferred HMAC algorithm from server to client is sha1-96.
<Sysname> sftp ipv6 2:5::8:9 prefer-kex dh-group1 prefer-stoc-cipher aes128 prefer-ctos-hmac md5 prefer-stoc-hmac sha1-96
Input Username:
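The sftp and sftp ipv6 examples above prefer dh-group1 and md5. The following added example (not part of the original command reference) resolves each preference keyword to the algorithm name given in the parameter lists, fills in the documented defaults, and reports preferences that an audit policy rejects. The function names and the DISALLOWED policy set are assumptions made for this example.

```python
# Keyword -> algorithm name, copied from the parameter descriptions above.
ALGORITHMS = {
    "cipher": {"3des": "3des-cbc", "aes128": "aes128-cbc", "des": "des-cbc"},
    "hmac": {"md5": "hmac-md5", "md5-96": "hmac-md5-96",
             "sha1": "hmac-sha1", "sha1-96": "hmac-sha1-96"},
    "kex": {"dh-group-exchange": "diffie-hellman-group-exchange-sha1",
            "dh-group1": "diffie-hellman-group1-sha1",
            "dh-group14": "diffie-hellman-group14-sha1"},
}
# Option -> (algorithm family, documented default keyword).
OPTIONS = {
    "prefer-ctos-cipher": ("cipher", "aes128"),
    "prefer-stoc-cipher": ("cipher", "aes128"),
    "prefer-ctos-hmac": ("hmac", "sha1-96"),
    "prefer-stoc-hmac": ("hmac", "sha1-96"),
    "prefer-kex": ("kex", "dh-group-exchange"),
}
# Assumed audit policy for this example (not from the command reference):
# single DES, 64-bit-block 3DES, MD5-based MACs and the 1024-bit group1 exchange.
DISALLOWED = {"des-cbc", "3des-cbc", "hmac-md5", "hmac-md5-96",
              "diffie-hellman-group1-sha1"}


def parse_sftp_command(line):
    """Parse an 'sftp' / 'sftp ipv6' command into (server, port, preferences)."""
    tokens = line.split()
    if tokens and tokens[0].startswith("<"):      # drop a "<Sysname>" prompt
        tokens.pop(0)
    if len(tokens) < 2 or tokens[0] != "sftp" or tokens[1] == "client":
        raise ValueError("not an sftp connection command")
    tokens = tokens[2:] if tokens[1] == "ipv6" else tokens[1:]
    if not tokens:
        raise ValueError("missing server")
    server, port = tokens.pop(0), 22
    if tokens and tokens[0].isdigit():
        port = int(tokens.pop(0))
    prefs = {opt: default for opt, (_, default) in OPTIONS.items()}
    while tokens:
        opt = tokens.pop(0)
        if opt not in OPTIONS or not tokens:
            raise ValueError(f"unexpected token: {opt}")
        value = tokens.pop(0)
        if value not in ALGORITHMS[OPTIONS[opt][0]]:
            raise ValueError(f"{value} is not valid for {opt}")
        prefs[opt] = value
    return server, port, prefs


def audit_sftp_command(line):
    """Return sorted (option, algorithm) pairs that the policy disallows."""
    _, _, prefs = parse_sftp_command(line)
    names = ((opt, ALGORITHMS[OPTIONS[opt][0]][kw]) for opt, kw in prefs.items())
    return sorted(pair for pair in names if pair[1] in DISALLOWED)
```

Run over saved command histories or provisioning scripts, audit_sftp_command returns an empty list for a command such as sftp 10.1.1.2 prefer-kex dh-group14, which keeps the default aes128 and sha1-96 preferences.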