H3C S9500 Operation Manual-Release1648[v1.24]-07 Security Volume

05-SSH Configuration

Chapter 1  SSH Terminal Service Configuration

When configuring SSH terminal service, go to these sections for information you are interested in:

• SSH Terminal Service Overview
• SSH Server Configuration
• SSH Client Configuration
• Displaying and Maintaining SSH Configuration
• SSH Server Configuration Example
• SSH Client Configuration Example

1.1  SSH Terminal Service Overview

This chapter introduces the secure shell (SSH) feature. When a user logs in to the switch from an insecure network, SSH provides an encrypted channel and strong authentication, protecting the switch from attacks such as IP address spoofing and clear-text password interception.

The switch can act as either an SSH server or an SSH client. As an SSH server, the switch supports multiple connections from SSH clients; as an SSH client, the switch can establish SSH connections to an SSH-enabled switch, a UNIX host, and so on.

Currently, the switch supports SSH 2.0.

Figure 1-1 and Figure 1-2 illustrate two methods for establishing an SSH channel between a client and the server:

• Connect through a LAN
• Connect through a WAN

Figure 1-1 Establish an SSH channel through a LAN

Figure 1-2 Establish an SSH channel through a WAN

To establish a secure, authenticated SSH connection, the server and the client go through the following five phases:

1) Version number negotiation:

• The client sends a TCP connection request.
• After the TCP connection is established, the server and the client negotiate the version number.
• If the negotiation succeeds, the key algorithm negotiation phase starts; otherwise, the server tears down the TCP connection.

2) Key algorithm negotiation:

• The server generates an RSA key pair randomly and sends the public key of the pair to the client.
• The client uses the server's public key and a locally generated random number (eight bytes long) as parameters to calculate the session key.
• Using the server's public key, the client encrypts the random number used to calculate the session key and sends the result to the server.
• Using its private key, the server decrypts the data sent by the client and obtains the client's random number.
• The server uses the public key and the client's random number as parameters to calculate the session key with the same algorithm as the client. The resulting key is 16 bytes long.

On completion of the above steps, the server and the client hold the same session key. During the session, both ends use this session key to encrypt and decrypt, which guarantees the security of the transferred data.

3) Authentication mode negotiation:

• The client sends its username to the server.
• The server starts the procedure for authenticating the user. If the server is configured not to authenticate the user, the process proceeds directly to the session request phase.
• The client keeps trying the negotiated authentication mode until authentication succeeds or the server tears down the connection because of a timeout.

 

Note:

SSH provides two authentication modes: password authentication and RSA authentication.

1) Password authentication procedure:

• The client sends the username and password to the server;
• The server compares the username and password sent by the client with the local configuration. If it finds an exact match, the authentication succeeds.

2) RSA authentication procedure:

• The server is configured with an RSA public key for the client;
• The client sends the modulus of its RSA public key to the server;
• The server checks the validity of the modulus. If the check succeeds, the server generates a random number, encrypts it with the client's RSA public key, and sends the encrypted result back to the client;
• Both the server and the client use the random number and the session ID (16 characters long) as parameters to calculate the authentication data;
• The client sends the authentication data it generated to the server;
• The server compares the authentication data from the client with the locally calculated value. If they match, the authentication succeeds.

 

4) Session request: If the authentication succeeds, the client sends a session request to the server. When the server has processed the request successfully, SSH enters the interactive session phase.

5) Interactive session: The client and the server exchange data until the session ends.

1.2  SSH Server Configuration

The following table describes the SSH server configuration tasks.

Table 1-1 SSH2.0 configuration tasks

To do... / Use the command... / Remarks

Enter system view: system-view
Enter user interface view of VTY type: user-interface vty interface-number
Set the protocol supported by the current user interface: protocol inbound { all | ssh | telnet } (Optional)
Return to system view: quit
Generate a local RSA key pair: rsa local-key-pair create (Required)
Destroy a local RSA key pair: rsa local-key-pair destroy (Optional)
Configure the SSH user authentication mode: ssh user username [ authentication-type { password | rsa | password-publickey | all } ] (Required; by default, users are unable to log in)
Configure the default authentication type for SSH users: ssh authentication-type default [ password | rsa | all | password-publickey ] (Required; by default, users are unable to log in to the system)
Configure the updating cycle of the server key: ssh server rekey-interval hours (Optional; by default, the system does not update the server key)
Configure the SSH authentication timeout: ssh server timeout seconds (Optional; the default is 60 seconds)
Configure the number of SSH authentication retries: ssh server authentication-retries times (Optional; the default is three)
Enter public key view: rsa peer-public-key key-name (Required)
Enter public key edit view to edit the key: public-key-code begin (Required)
Exit public key edit view: public-key-code end (Required)
Exit public key view: peer-public-key end (Required)
Assign the public key to an SSH user: ssh user username assign rsa-key keyname (Required)
Configure the SSH compatibility mode: ssh server compatible_ssh1x enable (Optional; by default, the server is compatible with SSH1.x clients)

 

I. Configuring the protocol the current user interface supports

Use this configuration task to specify the protocol the current user interface supports.

Perform the following operations in VTY user interface view to configure the protocol the current user interface supports:

To do... / Use the command...

Configure the protocol supported by the current user interface: protocol inbound { all | ssh | telnet }

 

By default, the system supports all protocols.

 

Caution:

• If the protocol configured for the user interface is SSH, make sure the login authentication mode of the user interface is set to authentication-mode scheme (AAA authentication).
• If the authentication mode is authentication-mode password or authentication-mode none, the protocol inbound ssh command fails; likewise, once protocol inbound ssh is configured, setting the authentication mode to password or none fails.

 

II. Generating or destroying an RSA key pair

Use this configuration task to generate or destroy an RSA key pair (including the host key and server key) of the server. The naming conventions for the keys are switchname + host and switchname + server respectively.

After this command is entered, the system prompts you to input the number of the key pair bits. Pay attention to the following:

• The host key and the server key must differ in length by at least 128 bits.
• The minimum and maximum lengths for both the host key and the server key are 512 bits and 2048 bits respectively.

Perform the following operations in system view to generate an RSA key pair:

To do... / Use the command...

Generate an RSA key pair: rsa local-key-pair create
Destroy an RSA key pair: rsa local-key-pair destroy

 

Caution:

• Generating the RSA key pair of the server is the first step in setting up SSH login.
• This command needs to be performed only once; you need not re-run it after rebooting the switch.
• If a key pair already exists, a prompt appears asking whether you want to replace it.
• For an SSH user to log in, the key generated by the server must be longer than 768 bits. By default, the key generated by the server is 1024 bits.

 

III. Configuring the user authentication mode

Use this configuration task to specify the authentication mode for an SSH user. You must specify an authentication mode for a new user; otherwise, the new user will not be able to log in.

Follow these steps to configure the authentication mode for an SSH user:

To do... / Use the command... / Remarks

Enter system view: system-view
Configure an authentication mode for SSH users: ssh user username authentication-type { password | rsa | password-publickey | all } (By default, no login authentication mode is specified, so SSH users are unable to log in)

 

Note the following points:

1) The authentication mode configured for an SSH user takes precedence. For example, if an SSH user is added whose service type is set to stelnet but no authentication mode is configured for it, the user cannot log in whatever the default authentication mode is, because the user's own authentication mode is null.

2) Standard RADIUS does not support user-level attributes. Therefore, for remote authentication you must set the server type in the RADIUS scheme to standard or extend and configure the correct user level on the RADIUS server; only then is the corresponding user level obtained after a successful login. Otherwise, you can log in only as a level-0 user.

IV. Configuring the default user authentication mode

Use this configuration to specify the default authentication mode for SSH users.

An SSH user is authenticated in one of the following two cases:

1) A user configured with an authentication mode is authenticated in that mode.

2) A user not configured with any authentication mode is authenticated in the default authentication mode:

• If the default authentication mode is password or all, the user can log in with a local or remote SSH username and password.
• If the default authentication mode is rsa or password-publickey, the user must be assigned a key and is authenticated in key mode as a local SSH user. An SSH user in key mode does not support remote authentication.

If no default authentication mode is configured either, such a user cannot log in; a user must therefore have an authentication mode, explicit or default, before it can log in.

The default authentication mode is NULL, that is, no default authentication mode is configured.

Follow these steps to configure the default authentication mode for SSH users:

To do... / Use the command... / Remarks

Enter system view: system-view
Configure the default authentication mode for SSH users: ssh authentication-type default { password | rsa | all | password-publickey } (If no default authentication mode is configured and no authentication mode is configured for a user, the user is unable to log in)

 

V. Configuring the updating cycle of the server key

Use this configuration task to set the updating cycle of the server key, so that the key is regenerated periodically and SSH connections stay as secure as possible.

Perform the following operations in system view to configure the updating cycle of the server key:

To do... / Use the command...

Configure the updating cycle of the server key: ssh server rekey-interval hours
Cancel the updating cycle configuration: undo ssh server rekey-interval

 

By default, the system does not update the server key.

VI. Configuring the authentication timeout

Use this configuration task to set the authentication timeout of SSH connections.

Perform the following operations in system view to configure the SSH authentication timeout:

To do... / Use the command...

Set the SSH authentication timeout: ssh server timeout seconds
Restore the default SSH authentication timeout: undo ssh server timeout

 

By default, the authentication timeout is 60 seconds.

VII. Configuring the number of authentication retries

Use this configuration task to set the number of authentication attempts an SSH user is allowed per connection, which limits malicious password guessing.

Perform the following operations in system view to configure the number of SSH authentication retries:

To do... / Use the command...

Configure the number of SSH authentication retries: ssh server authentication-retries times
Restore the default number of SSH authentication retries: undo ssh server authentication-retries

 

By default, the number of authentication retries is 3.

VIII. Entering the public key view

Use this configuration command to enter the public key view and specify the name of the public key of the client.

Perform the first configuration in the following table in system view to enter the public key view:

To do... / Use the command...

Enter the public key view: rsa peer-public-key key-name
Exit the public key view and return to system view: peer-public-key end

 

Note:

The configuration commands are applicable to the environments where the server employs RSA authentication and password-publickey authentication on SSH users. If the server adopts password authentication on SSH users, these configurations are not necessary.

 

IX. Entering the public key edit view

After entering the public key view by the rsa peer-public-key command, you can use the public-key-code begin command to enter the public key edit view and input the public key of the client.

When inputting the public key, you may type spaces between the characters (the system will delete the spaces automatically), or press <Enter> and then continue to input the key. Note that the public key must be a hexadecimal string coded in the public key format.

Perform the following operations in public key view to enter the public key edit view:

To do... / Use the command...

Enter the public key edit view: public-key-code begin

 

X. Exiting the public key edit view

Use this configuration task to return from the public key edit view to the public key view and save the entered public key. Before saving it, the system checks the validity of the key:

• If the public key string contains any illegal character, the configured key is invalid;
• If the configured key is valid, it is saved to the public keys in the system.

Perform the following operations in public key edit view to exit the public key edit view:

To do... / Use the command...

Exit the public key edit view: public-key-code end
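The key pasted in the edit view (Sections IX and X) is a hex string that the switch strips of spaces and rejects if it contains a non-hex character. The following Python example is added here and is not code from the manual or from H3C: it mimics that check, decodes the string as a PKCS#1 RSAPublicKey DER structure (an assumption, supported by the Section 1.5 sample key decoding cleanly under it), and encodes an (n, e) pair back into the manual's 8-digit-group layout. MIN_MODULUS_BITS is the server-key floor stated in Section 1.2 II, reused here as a sanity threshold for pasted keys; SAMPLE_KEY_TEXT is the sample key from Section 1.5.

```python
import re

# Sample client public key from the manual's Section 1.5 RSA example,
# copied with the "[...-rsa-key-code]" prompts removed.
SAMPLE_KEY_TEXT = """
30818602 8180507E DB32853A 58D19A3E B216BDC9 AA37535A
6F6B0FE8 B5D4BCD2 A1C8B127 93212202 938D98D8 8A6AB88B
C8E96A97 3774B383 036CFBE2 59C24887 585D97AA 88616CB9
4C35029B B4929D58 B9F2A372 99C0F029 D69FE3D3 0469894B
417BAD0D 921AA895 2F9B6ADE 9E755B66 4E6CAE2F 94C339E3
5E301FD0 31FC490B 67E1B657 49750201 25
"""

# The manual requires the server's own key to be longer than 768 bits;
# reused here as a sanity threshold for pasted client keys (assumption).
MIN_MODULUS_BITS = 768


def normalize_key_text(text: str) -> str:
    """Do what the edit view does: drop spaces and line breaks, then
    reject any string with a character that is not a hex digit."""
    compact = re.sub(r"\s+", "", text)
    if not compact or re.fullmatch(r"[0-9A-Fa-f]+", compact) is None:
        raise ValueError("public key contains a character that is not hex")
    if len(compact) % 2:
        raise ValueError("public key has an odd number of hex digits")
    return compact.upper()


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def decode_rsa_public_key(text: str):
    """Decode the pasted hex as PKCS#1 RSAPublicKey: SEQUENCE { n, e }.
    Assumption: this is the 'public key format' the switch expects."""
    der = bytes.fromhex(normalize_key_text(text))
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single top-level DER SEQUENCE")
    tag_n, n_bytes, pos = _read_tlv(body, 0)
    tag_e, e_bytes, pos = _read_tlv(body, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(body):
        raise ValueError("expected a SEQUENCE of exactly two INTEGERs")
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")


def _der_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _der_integer(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                      # leading zero keeps the INTEGER positive
        raw = b"\x00" + raw
    return b"\x02" + _der_length(len(raw)) + raw


def encode_rsa_public_key(n: int, e: int) -> str:
    """Build the text to paste after public-key-code begin, laid out as
    8-digit groups, six per line, like the manual's example."""
    body = _der_integer(n) + _der_integer(e)
    hexstr = (b"\x30" + _der_length(len(body)) + body).hex().upper()
    groups = [hexstr[i:i + 8] for i in range(0, len(hexstr), 8)]
    return "\n".join(" ".join(groups[i:i + 6]) for i in range(0, len(groups), 6))


def check_key(text: str) -> dict:
    """Report what the switch would store and whether the modulus is long enough."""
    n, e = decode_rsa_public_key(text)
    return {"modulus_bits": n.bit_length(), "exponent": e,
            "long_enough": n.bit_length() > MIN_MODULUS_BITS}


if __name__ == "__main__":
    print(check_key(SAMPLE_KEY_TEXT))
```

Run against the manual's sample key, check_key reports a 1023-bit modulus and public exponent 37.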

 

XI. Specifying the public key for an SSH user

Use this configuration task to specify an existing public key for an SSH user.

Perform the following operations in system view to specify/cancel the public key for an SSH user:

To do... / Use the command...

Specify the public key for an SSH user: ssh user username assign rsa-key keyname
Remove the association between the user and the public key: undo ssh user username assign rsa-key

 

XII. Configuring the server compatibility mode

Use this configuration task to set whether the server should be compatible with the SSH 1.x client.

Perform the following operations in system view to configure the compatibility mode:

To do... / Use the command...

Set the server to be compatible with SSH 1.x clients: ssh server compatible_ssh1x enable
Set the server to be incompatible with SSH 1.x clients: undo ssh server compatible_ssh1x

 

By default, the server is compatible with the SSH 1.x client.

1.3  SSH Client Configuration

The following sections describe the SSH client configuration tasks.

• Starting the SSH client
• Specifying the public key of the server
• Configuring the first-time authentication of the server

I. Starting the SSH client

Use this configuration task to start the SSH client, establish a connection with the server, and begin an interactive session.

Perform the following operations in system view to start the SSH client:

To do... / Use the command...

Start the SSH client: ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

 

II. Specifying the public key of the server

Use this configuration task to bind an existing public key to the server, so that the client can use it to authenticate the server.

Perform the following operations in system view to specify/remove the public key of the server:

To do... / Use the command...

Specify the public key of the server: ssh client server-ip assign rsa-key keyname
Remove the association between the server and the public key: undo ssh client server-ip assign rsa-key

 

III. Configuring the first-time authentication of the server

Use this configuration task to configure or cancel the first-time authentication of the server performed by the SSH client.

First-time authentication means that when the SSH client accesses a server for the first time and has no local copy of the server's public key, the user can choose to proceed with the access and save a local copy of the server's public key; on later accesses, the client uses the saved public key to authenticate the server.

Perform the following operations in system view to configure/cancel the first-time authentication of the server:

To do... / Use the command...

Configure the first-time authentication of the server: ssh client first-time enable
Cancel the first-time authentication of the server: undo ssh client first-time

 

By default, the client does not perform the first-time authentication.

1.4  Displaying and Maintaining SSH Configuration

To do... / Use the command... / Remarks

Display the public key of the host key pair and the server key pair of the server: display rsa local-key-pair public (Available in any view)
Display the public key of the specified RSA key pair of the client: display rsa peer-public-key [ brief | name keyname ] (Available in any view)
Display the SSH status information and session information: display ssh server { status | session } (Available in any view)
Display information about SSH users: display ssh user-information [ username ] (Available in any view)
Enable SSH debugging: debugging ssh server { vty index | all } (Available in user view)
Disable SSH debugging: undo debugging ssh server { vty index | all } (Available in user view)

 

1.5  SSH Server Configuration Example

I. Network requirements

As shown in Figure 1-3, a PC (SSH client) running SSH 2.0-capable client software establishes a local connection with the switch (SSH server) so that the exchanged information is protected.

II. Network diagram

Figure 1-3 Network diagram for SSH server

III. Configuration procedure

1)         Generate the RSA key.

[H3C] rsa local-key-pair create

 

Note:

If the configuration for generating the local key has already been completed, skip this step.

 

2)         Set the user login authentication mode.

The following shows the configuration methods for both password authentication and RSA public key authentication.

• Password authentication.

# Set the authentication mode of the user interface to AAA.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

# Specify SSH as the login protocol on the user interface.

[H3C-ui-vty0-4] protocol inbound ssh

[H3C-ui-vty0-4] quit

# Create the local user client001 with password test and service type SSH.

[H3C] local-user client001

New local user added

[H3C-luser-client001] password simple test

[H3C-luser-client001] service-type ssh

[H3C-luser-client001] quit

# Set the authentication mode for SSH user client001 to password.

[H3C] ssh user client001 authentication-type password

 

Note:

You can use the default values for SSH authentication timeout and retries. After completing the above configurations, you can run the SSH 2.0-enabled client software on any other terminal connected with the switch and access the switch with the username client001 and password test.

 

• RSA authentication.

# Set the authentication mode of the user interface to AAA.

[H3C] user-interface vty 0 4

[H3C-ui-vty0-4] authentication-mode scheme

# Specify SSH as the login protocol on the user interface.

[H3C-ui-vty0-4] protocol inbound ssh

[H3C-ui-vty0-4] quit

# Set the authentication mode for the remote user client002 to RSA.

[H3C] ssh user client002 authentication-type rsa

# Using the SSH 2.0-capable client software, generate an RSA key pair and send the public key to the server.

# Configure the client's public key on the switch.

[H3C] rsa peer-public-key H3C002

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-rsa-key-code] 30818602 8180507E DB32853A 58D19A3E B216BDC9 AA37535A

[H3C-rsa-key-code] 6F6B0FE8 B5D4BCD2 A1C8B127 93212202 938D98D8 8A6AB88B

[H3C-rsa-key-code] C8E96A97 3774B383 036CFBE2 59C24887 585D97AA 88616CB9

[H3C-rsa-key-code] 4C35029B B4929D58 B9F2A372 99C0F029 D69FE3D3 0469894B

[H3C-rsa-key-code] 417BAD0D 921AA895 2F9B6ADE 9E755B66 4E6CAE2F 94C339E3

[H3C-rsa-key-code] 5E301FD0 31FC490B 67E1B657 49750201 25

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

[H3C]

# Assign the existing public key H3C002 to user client002.

[H3C] ssh user client002 assign rsa-key H3C002

Start the SSH client software on the terminal preserving the RSA private key, and perform the corresponding configurations to establish the SSH connection.
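An added Python audit script, not from the manual, that applies the rules of Section 1.2 to a configuration excerpt: the VTY caution (protocol inbound ssh requires authentication-mode scheme), the rule that a user needs an explicit or default authentication mode, the need for an assigned key in rsa or password-publickey mode, and the defaults for SSH 1.x compatibility and server-key updating. The configuration text and usernames are constructed, and the parser assumes commands under a user-interface view are indented by one space, as in a saved H3C configuration.

```python
import re

# Constructed configuration excerpt in the command syntax this chapter
# documents; not a configuration taken from the manual. Indented lines
# belong to the user-interface view above them, as in a saved H3C config.
SAMPLE_CONFIG = """\
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
user-interface vty 5 7
 authentication-mode password
 protocol inbound ssh
ssh user client001 authentication-type password
ssh user client002 authentication-type rsa
ssh user client002 assign rsa-key H3C002
ssh user client003 authentication-type password-publickey
ssh user client004 service-type stelnet
"""

KEY_MODES = {"rsa", "password-publickey"}     # modes that need an assigned key


def parse_ssh_config(config: str) -> dict:
    """Collect the VTY and SSH user settings the audit needs."""
    state = {"vty": {}, "users": {}, "default_auth": None,
             "ssh1_compat": True,        # manual: compatible with SSH 1.x by default
             "rekey_interval": None}     # manual: server key not updated by default
    view = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith(" ") and view is not None:   # inside a VTY view
            if line.startswith("authentication-mode "):
                view["auth"] = line.split()[1]
            elif line.startswith("protocol inbound "):
                view["protocol"] = line.split()[2]
            continue
        view = None
        m = re.match(r"user-interface vty (.+)", line)
        if m:
            view = state["vty"].setdefault(m.group(1), {"auth": None, "protocol": "all"})
            continue
        m = re.match(r"ssh user (\S+) (authentication-type|assign rsa-key|service-type) (\S+)", line)
        if m:
            user = state["users"].setdefault(m.group(1), {"auth": None, "key": None})
            if m.group(2) == "authentication-type":
                user["auth"] = m.group(3)
            elif m.group(2) == "assign rsa-key":
                user["key"] = m.group(3)
            continue
        m = re.match(r"ssh authentication-type default (\S+)", line)
        if m:
            state["default_auth"] = m.group(1)
        elif line == "undo ssh server compatible_ssh1x":
            state["ssh1_compat"] = False
        elif re.match(r"ssh server rekey-interval \d+$", line):
            state["rekey_interval"] = int(line.split()[-1])
    return state


def audit_ssh_config(config: str) -> list:
    """Return (severity, message) findings derived from this chapter's rules."""
    s = parse_ssh_config(config)
    findings = []
    for rng, v in s["vty"].items():
        # Caution in Section 1.2 I: protocol inbound ssh needs authentication-mode scheme
        if v["protocol"] == "ssh" and v["auth"] != "scheme":
            findings.append(("error", f"vty {rng}: protocol inbound ssh requires "
                                      "authentication-mode scheme"))
        elif v["protocol"] == "all":
            findings.append(("warn", f"vty {rng}: telnet still accepted alongside SSH"))
    for name, u in s["users"].items():
        mode = u["auth"] or s["default_auth"]      # explicit mode takes precedence
        if mode is None:
            findings.append(("error", f"user {name}: no authentication mode, cannot log in"))
        elif mode in KEY_MODES and u["key"] is None:
            findings.append(("error", f"user {name}: {mode} mode but no rsa-key assigned"))
    if s["ssh1_compat"]:
        findings.append(("warn", "SSH 1.x clients accepted; consider undo ssh server compatible_ssh1x"))
    if s["rekey_interval"] is None:
        findings.append(("info", "server key is never updated; consider ssh server rekey-interval"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ssh_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

On the constructed excerpt the audit reports three errors (vty 5 7, client003, client004), one warning for SSH 1.x compatibility and one informational finding for the missing rekey interval.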

1.6  SSH Client Configuration Example

I. Network requirements

As shown in Figure 1-4:

• Switch A is used as an SSH client.
• Switch B is used as the SSH server, and its IP address is 10.165.87.136.

II. Network diagram

Figure 1-4 Network diagram for SSH client

III. Configuration procedure

Configure the client to perform the first-time authentication of the server.

• Use password authentication with the default encryption algorithms.

# Log in to the SSH2 server at IP address 10.165.87.136.

[H3C] ssh2 10.165.87.136

Please input the username:sshuser1

Trying 10.165.87.136

Press CTRL+K to abort

Connected to 10.165.87.136 ...

Enter password:

*********************************************************

*          All rights reserved (2004-2007)              *

*      Without the owner's prior written consent,       *

*no decompiling or reverse-engineering shall be allowed.*

*********************************************************

<H3C>

# Configure the client to authenticate the server on the first-time login.

<H3C> system-view

[H3C] ssh client first-time enable

Access the remote server and perform operations.

• Use RSA public key authentication with the encryption algorithms specified on the command line.

[H3C] ssh2 10.165.87.136 22 prefer_kex dh_group1 prefer_ctos_cipher des prefer_stoc_cipher 3des prefer_ctos_hmac md5 prefer_stoc_hmac md5

Please input the username: sshuser1

Trying 10.165.87.136...

Press CTRL+K to abort

Connected to 10.165.87.136...

*********************************************************

*          All rights reserved (2004-2007)              *

*      Without the owner's prior written consent,       *

*no decompiling or reverse-engineering shall be allowed.*

*********************************************************

<H3C>

# Configure the client to authenticate the server for the first time.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] ssh client first-time enable

Access the remote server and perform operations.

 


Chapter 2  SFTP Service Configuration

When configuring SFTP service, go to these sections for information you are interested in:

• SFTP Overview
• SFTP Server Configuration
• SFTP Client Configuration
• SFTP Configuration Example

2.1  SFTP Overview

Secure FTP (SFTP) runs over an SSH connection, so remote users can log in to the switch securely and perform file management and transfer operations such as system upgrades, which gives data transfer higher security. Since the switch can also act as an SFTP client, users can log in to remote devices and transfer files securely.

2.2  SFTP Server Configuration

2.2.1  SFTP Server Configuration Task List

Complete the following tasks to configure the SFTP server:

Task / Remarks

Starting the SFTP Server (Required)
Configuring the Default Service Type and the SFTP Directory (Required)
Configuring the Service Type for the User (Required)

 

2.2.2  Starting the SFTP Server

Follow these steps to start the SFTP server:

To do... / Use the command... / Remarks

Enter system view: system-view
Start the SFTP server: sftp server enable (Required; by default, the SFTP server is shut down)

 

2.2.3  Configuring the Default Service Type and the SFTP Directory

Follow these steps to configure the default service type and the SFTP directory:

To do... / Use the command... / Remarks

Enter system view: system-view
Configure the default service type and the SFTP directory: ssh service-type default { all [ sftp-directory directory ] | sftp [ sftp-directory directory ] | stelnet } (Required; the default service type and SFTP directory are both NULL)

 

If a service type and directory have been configured for a user, they are used instead of the default service type and directory. It is therefore recommended to configure both the authentication type and the service type for each user; otherwise the user fails to log in because of incomplete configuration.

Note the following points:

• When the service type sftp or all is specified for a user, the default SFTP directory flash: is configured for the user. A directory configured explicitly takes priority over the default directory.
• For remote authentication, the default authentication type of the system must be configured so that remote users can log in successfully.

2.2.4  Configuring the Service Type for the User

Follow these steps to configure the service type for the user:

To do... / Use the command... / Remarks

Enter system view: system-view
Configure the service type for the user: ssh user username service-type { stelnet | sftp [ sftp-directory directory ] | all [ sftp-directory directory ] } (The default service type is stelnet)

 

2.3  SFTP Client Configuration

2.3.1  SFTP Client Configuration Task List

Complete the following tasks to configure the SFTP client:

Task / Remarks

Starting the SFTP Client (Required)
Shutting Down the SFTP Client (Optional)
Operating SFTP Directory (Optional)
Operating SFTP Files (Optional)
Displaying Help Information (Optional)

 

2.3.2  Starting the SFTP Client

Follow these steps to start the SFTP client, establish a connection with the remote SFTP server, and enter the SFTP client view:

To do... / Use the command... / Remarks

Start the SFTP client: sftp host-ip [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | 3des | aes128 } ] [ prefer_stoc_cipher { des | 3des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] (Available in system view)

 

2.3.3  Shutting Down the SFTP Client

Use this configuration task to shut down the SFTP client program.

Perform the following operations in SFTP client view to shut down the SFTP client:

To do... / Use the command...

Shut down the SFTP client: bye, exit, or quit

 

Note:

The three commands, bye, exit, and quit, have the same functionality. You can also use the quit command in port group view.

 

2.3.4  Operating SFTP Directory

Available SFTP directory operations include: change or display the current directory, create or delete a directory, display the specified file or directory.

Perform the following operations in SFTP client view to operate SFTP directory:

To do... / Use the command...

Change the current directory: cd remote-path
Return to the upper directory: cdup
Display the current directory: pwd
Display the list of files in the specified directory: dir [ remote-path ] or ls [ remote-path ]
Create a new directory on the server: mkdir remote-path
Delete a directory from the server: rmdir remote-path

 

Note:

The dir command and the ls command have the same functionality.

 

2.3.5  Operating SFTP Files

Available SFTP file operations include: change the name of a file, download a file, upload a file, display the list of files, and delete a file.

Perform the following operations in SFTP client view to operate on SFTP files:

To do... / Use the command...

Change the name of the specified file on the server: rename old-name new-name
Download a file from the remote server: get remote-file [ local-file ]
Upload a local file to the remote server: put local-file [ remote-file ]
Display the list of files in the specified directory: dir [ remote-path ] or ls [ remote-path ]
Delete a file from the server: delete remote-file or remove remote-file

 

Note:

• The dir command and the ls command have the same functionality.
• The delete command and the remove command have the same functionality.
• When uploading a file, use only ASCII characters in the file name to ensure normal operation of the system.

 

2.3.6  Displaying Help Information

Use this command to display command-relevant help information such as the format of the command, parameter configurations, and so on.

Perform the following operations in SFTP client view to display help information for client commands:

To do... / Use the command...

Display help information for client commands: help [ command-name ]

 

Note:

When editing files on an SFTP client using WinSCP, ensure that at least two virtual type terminal (VTY) user interfaces support SSH. Otherwise, file editing fails.

 

2.4  SFTP Configuration Example

I. Network requirements

As shown in Figure 2-1:

• Switch A is used as the SFTP client;
• Switch B is used as the SFTP server, and its IP address is 10.111.27.91;
• An SFTP user is configured with the username "8040" and password "H3C".

II. Network diagram

Figure 2-1 Network diagram for SFTP

III. Configuration procedure

1)         Configure Switch B.

# Start the SFTP server.

[H3C] sftp server enable

# Specify the service type as SFTP.

[H3C] ssh user 8040 service-type sftp

# Set the authentication mode to password.

[H3C] ssh user 8040 authentication-type password

2) Configure Switch A.

# Configure the server's public key on the client, naming the key after the server's IP address.

[H3C] rsa peer-public-key 10.111.27.91

[H3C-rsa-public-key] public-key-code begin

RSA key code view: return to last view with "public-key-code end".

[H3C-rsa-key-code] 30818602 8180507E DB32853A 58D19A3E B216BDC9 AA37535A

[H3C-rsa-key-code] 6F6B0FE8 B5D4BCD2 A1C8B127 93212202 938D98D8 8A6AB88B

[H3C-rsa-key-code] C8E96A97 3774B383 036CFBE2 59C24887 585D97AA 88616CB9

[H3C-rsa-key-code] 4C35029B B4929D58 B9F2A372 99C0F029 D69FE3D3 0469894B

[H3C-rsa-key-code] 417BAD0D 921AA895 2F9B6ADE 9E755B66 4E6CAE2F 94C339E3

[H3C-rsa-key-code] 5E301FD0 31FC490B 67E1B657 49750201 25

[H3C-rsa-key-code] public-key-code end

[H3C-rsa-public-key] peer-public-key end

[H3C] ssh client 10.111.27.91 assign rsa-key 10.111.27.91
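The key code entered above is a DER-encoded PKCS#1 RSAPublicKey (a SEQUENCE of two INTEGERs: modulus n and public exponent e). The following Python is an added example, not code from the H3C manual: it parses that key code so an operator can confirm what is being pinned with rsa peer-public-key, compute a digest to compare with the server out of band, and see the key's size (the 2048-bit minimum in the policy check is this example's assumption, not a requirement stated by the manual).

```python
import hashlib

# Key code copied from the configuration example above (hex; whitespace ignored).
KEY_CODE_HEX = """
30818602 8180507E DB32853A 58D19A3E B216BDC9 AA37535A
6F6B0FE8 B5D4BCD2 A1C8B127 93212202 938D98D8 8A6AB88B
C8E96A97 3774B383 036CFBE2 59C24887 585D97AA 88616CB9
4C35029B B4929D58 B9F2A372 99C0F029 D69FE3D3 0469894B
417BAD0D 921AA895 2F9B6ADE 9E755B66 4E6CAE2F 94C339E3
5E301FD0 31FC490B 67E1B657 49750201 25
"""

def der_tlv(buf, pos):
    """Read one DER tag-length-value starting at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(hex_code):
    """Parse a PKCS#1 RSAPublicKey (SEQUENCE { INTEGER n, INTEGER e }) from hex."""
    der = bytes.fromhex("".join(hex_code.split()))
    tag, seq, end = der_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("key code is not a single DER SEQUENCE")
    tag_n, n_bytes, pos = der_tlv(seq, 0)
    tag_e, e_bytes, pos = der_tlv(seq, pos)
    if tag_n != 0x02 or tag_e != 0x02 or pos != len(seq):
        raise ValueError("expected exactly two INTEGERs (n, e)")
    n = int.from_bytes(n_bytes, "big")
    e = int.from_bytes(e_bytes, "big")
    return {
        "der_len": len(der),
        "modulus_bits": n.bit_length(),
        "exponent": e,
        # SHA-256 of the DER bytes: a short value to compare out of band
        # with the key displayed on the server before trusting it.
        "sha256": hashlib.sha256(der).hexdigest(),
    }

def key_is_acceptable(info, min_bits=2048):
    """Local policy check; the 2048-bit minimum is this example's assumption."""
    return info["modulus_bits"] >= min_bits and info["exponent"] > 1

if __name__ == "__main__":
    info = parse_rsa_public_key(KEY_CODE_HEX)
    print(info)  # the pinned key has a 1023-bit modulus and e = 37
    print("meets 2048-bit policy:", key_is_acceptable(info))
```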

# Establish the SSH connection between the client and the server.

[H3C] ssh2 10.111.27.91

Please input the username:8040

Trying

Press CTRL+K to abort

Connected to 10.111.27.91 ...

Enter password:H3C

*********************************************************

*          All rights reserved (2004-2007)              *

*      Without the owner's prior written consent,       *

*no decompiling or reverse-engineering shall be allowed.*

*********************************************************

<H3C>

# Establish a connection with the remote SFTP server and enter the SFTP client view.

<H3C> system-view

[H3C] sftp 10.111.27.91

# Display the current directory of the server, delete file z, and check if the file has been deleted successfully.

sftp-client> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

-rwxrwxrwx   1 noone    nogroup         0 Sep 01 08:00 z

sftp-client> delete z

Remove this File?(Y/N)

flash:/zy

File successfully Removed

sftp-client> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

# Create a new directory new1, and check if the new directory has been created successfully.

sftp-client> mkdir new1

New path created

sftp-client> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:30 new1

# Change the directory name new1 to new2, and check if the directory name has been changed successfully.

sftp-client> rename new1 new2

sftp-client> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

-rwxrwxrwx   1 noone    nogroup       225 Sep 01 06:55 pub

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2

# Download file pubkey2 from the server to a local device, and change the file name to pu.

sftp-client> get pubkey2 pu

Downloading file successfully ended

# Upload local file pu to the server, change the file name to puk, and check if the operations are successful.

sftp-client> put pu puk

Uploading file successfully ended

sftp-client> dir

-rwxrwxrwx   1 noone    nogroup      1759 Aug 23 06:52 config.cfg

-rwxrwxrwx   1 noone    nogroup       225 Aug 24 08:01 pubkey2

-rwxrwxrwx   1 noone    nogroup       283 Aug 24 07:39 pubkey1

drwxrwxrwx   1 noone    nogroup         0 Sep 01 06:22 new

drwxrwxrwx   1 noone    nogroup         0 Sep 02 06:33 new2

-rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:35 pu

-rwxrwxrwx   1 noone    nogroup       283 Sep 02 06:36 puk

sftp-client>

# Exit SFTP.

sftp-client> quit

Bye

[H3C]

 
