338
Configuring the device as an SFTP client
SFTP client configuration task list
Tasks at a glance
(Optional.)
Specifying the source IP address for SFTP packets
(Required.)
Establishing a connection to an SFTP server
(Optional.)
Establishing a connection to an SFTP server based on Suite B
(Optional.)
(Optional.)
(Optional.)
(Optional.)
Terminating the connection with the SFTP server
Specifying the source IP address for SFTP packets
As a best practice, specify the IP address of a loopback interface as the source IP address of SFTP
packets for the following purposes:
•
Ensuring the communication between the SFTP client and the SFTP server.
•
Improving the manageability of SFTP clients in the authentication service.
To specify the source IP address for SFTP packets:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Specify the source
address for SFTP
packets.
•
Specify the source IPv4 address
for SFTP packets:
sftp client source
{
ip
ip-address
|
interface interface-type
interface-number
}
•
Specify the source IPv6 address
for SFTP packets:
sftp client ipv6 source
{
ipv6
ipv6-address
|
interface
interface-type interface-number
}
By default, the source IP address
for SFTP packets is not
configured.
The IPv4 SFTP packets use the
primary IPv4 address of the
output interface specified in the
routing entry as their source IP
address. The IPv6 SFTP packets
automatically select an IPv6
address as their source address
in compliance with RFC 3484.
Establishing a connection to an SFTP server
When you try to access an SFTP server, the device must use the server's host public key to
authenticate the server. If the server's host public key is not configured on the device, the device will
notify you to confirm whether to continue with the access.
•
If you choose to continue, the device accesses the server and downloads the server's host
public key.
•
If you choose to not continue, the connection cannot be established.
As a best practice, configure the server's host public key on the device in an insecure network.