SFTP must be disabled before enabling tftp.
SFTP must be disabled before enabling auto-tftp.
Similarly, while SFTP is enabled, TFTP cannot be enabled using an SNMP management application.
Attempting to do so generates an "inconsistent value" message. (An SNMP management application cannot
be used to enable or disable auto-TFTP.)
• To enable SFTP by using an SNMP management application, you must first disable TFTP and, if configured,
auto-TFTP on the switch. You can use either an SNMP application or the CLI to disable TFTP, but you must
use the CLI to disable auto-TFTP.
Enabling SSH V2 (required for SFTP)
switch(config)# ip ssh version 2
NOTE:
As a matter of policy, administrators should not enable the SSH V1-only or the SSH V1-or-V2
advertisement modes. SSHv1 is supported on only some legacy switches.
Confirming that SSH is enabled
switch(config)# show ip ssh
Once you have confirmed that you have enabled an SSH session (with the show ip ssh command), enter
ip ssh filetransfer so that SCP and/or SFTP can run. You can then open your third-party software client
application to begin using the SCP or SFTP commands to safely transfer files or issue commands to the switch.
NOTE:
Any attempts to use SCP or SFTP without using ip ssh filetransfer cause the SCP or SFTP
session to fail. Depending on the client software in use, you will receive an error message on the
originating console, for example:
IP file transfer not enabled on the switch
Disabling secure file transfer
switch(config)# no ip ssh filetransfer
Authentication
Switch memory allows up to ten public keys. This means the authentication and encryption keys you use for your
third-party client SCP/SFTP software can differ from the keys you use for the SSH session, even though both
SCP and SFTP use a secure SSH tunnel.
NOTE:
SSH authentication is mutually exclusive with RADIUS servers.
Some clients, such as PSCP (PuTTY SCP), automatically compare switch host keys for you. Other clients require
you to manually copy and paste keys to the $HOME/.ssh/known_hosts file. Whatever SCP/SFTP software tool
you use, after installing the client software you must verify that the switch host keys are available to the client.
Because the third-party software utilities you may use for SCP/SFTP vary, you should refer to the documentation
provided with the utility you select before performing this process.
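One way to verify that a switch host key is present in known_hosts content and matches a fingerprint obtained over a trusted path. This is an added example, not part of the original manual or any vendor tool. The function names, host names, addresses and key bytes are constructed for illustration, and only literal and hashed host entries are handled.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match the first known_hosts field: literal comma list or |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcards and [host]:port are not handled

def check_host_key(known_hosts_text, host, expected_fp):
    """Return 'match', 'mismatch' or 'missing' for host against expected_fp."""
    result = "missing"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if not host_matches(fields[0], host):
            continue
        if fingerprint(fields[2]) == expected_fp:
            return "match"
        result = "mismatch"  # host is listed, but with a different key
    return result

# Constructed sample data: placeholder bytes stand in for real key blobs.
SWITCH_KEY = base64.b64encode(b"constructed switch host key").decode()
OTHER_KEY = base64.b64encode(b"constructed unexpected key").decode()
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"192.0.2.2", hashlib.sha1).digest()).decode())
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "switch-a.example,192.0.2.1 ssh-rsa " + SWITCH_KEY,
    HASHED + " ssh-rsa " + SWITCH_KEY,
    "switch-b.example ssh-rsa " + OTHER_KEY,
])
# In practice this value is read from the switch over a trusted path.
EXPECTED_FP = fingerprint(SWITCH_KEY)

if __name__ == "__main__":
    for h in ("switch-a.example", "192.0.2.2", "switch-b.example", "switch-c.example"):
        print(h, check_host_key(SAMPLE_KNOWN_HOSTS, h, EXPECTED_FP))
```

A "mismatch" result means the client holds a different key for that host than the one expected, and "missing" means the client has no entry and would prompt or fail on first connection.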
Chapter 11 File Transfers