148
By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in the state of DOWN. To
configure such an interface, use the
undo shutdown
command to bring it up first.
Network requirements
An SSH connection is established between Switch A and Switch B. See Figure 48. Switch A, an
SFTP client, logs in to Switch B for file management and file transfer. An SSH user uses publickey
authentication with the public key algorithm being RSA.
Figure 48
Network diagram for SFTP client configuration
Configuration procedure
1.
Configure the SFTP server (Switch B)
Generate RSA and DSA key pairs and enable the SSH server.
<SwitchB> system-view
[SwitchB] public-key local create rsa
[SwitchB] public-key local create dsa
[SwitchB] ssh server enable
# Enable the SFTP server.
[SwitchB] sftp server enable
Configure an IP address for VLAN interface 1, which the SSH client uses as the destination for SSH
connection.
[SwitchB] interface vlan-interface 1
[SwitchB-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[SwitchB-Vlan-interface1] quit
Set the authentication mode on the user interfaces to AAA.
[SwitchB] user-interface vty 0 4
[SwitchB-ui-vty0-4] authentication-mode scheme
Set the protocol that a remote user uses to log in as
SSH
.
[SwitchB-ui-vty0-4] protocol inbound ssh
[SwitchB-ui-vty0-4] quit
Before performing the following tasks, you must generate use the client software to generate RSA key pairs
on the client, save the host public key in a file named
pubkey
, and then upload the file to the SSH server
through FTP or TFTP. For more information, see
Configure the SFTP client (Switch A)
below.
Import the peer public key from the file
pubkey
.
[SwitchB] public-key peer Switch001 import sshkey pubkey
