37
•
sha2-256
: Specifies HMAC algorithm HMAC-SHA2-256.
•
sha2-512
: Specifies HMAC algorithm HMAC-SHA2-512.
prefer-kex
: Specifies the preferred key exchange algorithm. The default is ecdh-sha2-nistp256.
Supported algorithms are diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1,
diffie-hellman-group14-sha1, ecdh-sha2-nistp256, and ecdh-sha2-nistp384,
in ascending order of
security strength and computation time.
•
dh-group-exchange-sha1
: Specifies key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1
: Specifies key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1
: Specifies key exchange algorithm diffie-hellman-group14-sha1.
•
ecdh-sha2-nistp256
: Specifies key exchange algorithm ecdh-sha2-nistp256.
•
ecdh-sha2-nistp384
: Specifies key exchange algorithm ecdh-sha2-nistp384.
prefer-stoc-cipher
: Specifies the preferred server-to-client encryption algorithm. The default
is AES128-CTR. Supported algorithms are the same as the client-to-server encryption algorithms
(see the
prefer-ctos-cipher
keyword).
prefer-stoc-hmac
: Specifies the preferred server-to-client HMAC algorithm. The default is
SHA2-256. Supported algorithms are the same as the client-to-server HMAC algorithms (see the
prefer-ctos-hmac
keyword).
public-key keyname
: Specifies the server's host public key that the client uses to authenticate
the server. The
keyname
argument is a case-insensitive string of 1 to 64 characters.
server-pki-domain
domain-name
: Specifies the PKI domain for verifying the server's
certificate. The
domain-name
argument represents the PKI domain name, a case-insensitive
string of 1 to 31 characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical
bars (|), colons (:), dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
source
: Specifies a source IPv6 address or source interface for IPv6 SCP packets. By default, the
device automatically selects a source address for IPv6 SCP packets in compliance with RFC 3484.
As a best practice to ensure successful SCP connections, specify a loopback interface as the source
interface or specify the IPv6 address of a loopback interface as the source address.
•
interface interface-type interface-number
: Specifies a source interface by its
type and number. The IPv6 address of this interface is the source IPv6 address of the IPv6 SCP
packets.
•
ipv6 ipv6-address
: Specifies a source IPv6 address.
user
username
: Specifies an SCP username, a case-sensitive string of 1 to 80 characters. If the
username contains an ISP domain name,
use
the
pureusername
@
domain
,
pureusername
/
domain
, or
domain
\
pureusername
format.
password
password
: Specifies a password in plaintext form, a case-sensitive string of 1 to 63
characters.
Usage guidelines
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the
server-pki-domain
domain-name
option. The client
uses the CA certificate stored in the specified PKI domain to verify the server's certificate and does
not need to save the server's public key before authentication. If you do not specify the server's PKI
domain, the client uses the PKI domain of its own certificate to verify the server's certificate.
If you do not specify a username and password in the command, you must provide the username
and password in an interactive way.
If the SCP server uses publickey authentication, the password specified by this command is ignored.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...