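Configuring SFTP on S2000-EA Series Switches
I. Network requirements:
An SSH connection is established between the SFTP client (Switch A) and the SFTP server (Switch B). The SFTP client (Switch A) logs in to the SFTP server (Switch B) to perform file management and file transfer operations. An SFTP user with the username client001 and the password abc already exists on the SFTP server.
II. Network diagram:
III. Configuration steps:
1. Configuration on the SFTP server (Switch B):
# Generate the key pairs.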
<Sysname> system-view
[Sysname] public-key local create rsa
[Sysname] public-key local create dsa
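# Create a VLAN interface on the switch and assign it an IP address. The client uses this IP address as the destination address when connecting to the SFTP server.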
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address 192.168.0.1 255.255.255.0
[Sysname-Vlan-interface1] quit
# Set the SSH authentication mode of the user interface through which the SFTP client logs in to the SFTP server to AAA authentication.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode scheme
# Set the protocol for remote user login on the switch to SSH.
[Sysname-ui-vty0-4] protocol inbound ssh
[Sysname-ui-vty0-4] quit
# Create the local user client001.
[Sysname] local-user client001
[Sysname-luser-client001] password simple abc
[Sysname-luser-client001] service-type ssh
[Sysname-luser-client001] quit
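# Set the SSH user authentication type to password. The SSH authentication timeout, number of authentication attempts, and server key update interval use the system defaults.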
[Sysname] ssh user client001 authentication-type password
# Set the user's service type to SFTP.
[Sysname] ssh user client001 service-type sftp
# Enable the SFTP server.
[Sysname] sftp server enable
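2. Configuration on the SFTP client (Switch A):
# The IP address of the VLAN interface on Switch A must be in the same network segment as the IP address of the VLAN interface on Switch B. Here it is set to "192.168.0.2".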
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip address 192.168.0.2 255.255.255.0
[Sysname-Vlan-interface1] quit
# Establish a connection to the remote SFTP server, log in with the username client001 and the password abc, and enter sftp-client view.
[Sysname] sftp 192.168.0.1
Input Username: client001
Trying 192.168.0.1 ...
Press CTRL+K to abort
Connected to 192.168.0.1 ...
The Server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):n
Enter password:
sftp-client>
# Display the server's current directory, delete the file z, and check that the file was deleted.
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
-rwxrwxrwx 1 noone nogroup 0 Sep 01 08:00 z
Received status: End of file
Received status: Success
sftp-client> delete z
The following files will be deleted:
/z
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
Received status: Success
File successfully Removed
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
Received status: End of file
Received status: Success
# Create the directory new1 and check that it was created.
sftp-client> mkdir new1
Received status: Success
New directory created
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
drwxrwxrwx 1 noone nogroup 0 Sep 02 06:30 new1
Received status: End of file
Received status: Success
# Rename the directory new1 to new2 and check that the rename succeeded.
sftp-client> rename new1 new2
File successfully renamed
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2
Received status: End of file
Received status: Success
# Download the file pubkey2 from the server to the local device and save it as public.
sftp-client> get pubkey2 public
This operation may take a long time, please wait...
.
Remote file:/pubkey2 ---> Local file: public..
Received status: End of file
Received status: Success
Downloading file successfully ended
# Upload the local file pu to the server as puk and check that the upload succeeded.
sftp-client> put pu puk
This operation may take a long time, please wait...
Local file: pu ---> Remote file: /puk
Received status: Success
Uploading file successfully ended
sftp-client> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2
-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pub
-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk
Received status: End of file
Received status: Success
sftp-client>
# Exit SFTP.
sftp-client> quit
Bye
[Sysname]
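The following is an added example, not part of the original case and not H3C tooling: a small Python check that scans a saved configuration or session capture for the two weak points visible in the steps above, the cleartext `password simple abc` entry and the server host key that was accepted without verification and not saved. The sample text is constructed from lines on this page; the function name, the finding names and the 8-character minimum are assumptions.

```python
import re

# Constructed sample: lines copied from the server configuration and the
# client session shown above, as they would appear in a saved capture.
SAMPLE = """\
[Sysname-ui-vty0-4] authentication-mode scheme
[Sysname-ui-vty0-4] protocol inbound ssh
[Sysname-luser-client001] password simple abc
[Sysname] ssh user client001 authentication-type password
The Server is not authenticated. Do you continue to access it?(Y/N):y
Do you want to save the server's public key?(Y/N):n
"""

MIN_LEN = 8  # assumed local policy value, not an H3C default

PROMPT = re.compile(r"^\s*(\[[^\]]*\]|<[^>]*>)\s*")  # "[Sysname-...]" or "<Sysname>"
ACCEPTED = re.compile(r"not authenticated\..*\(Y/N\):\s*y\s*$", re.I)
NOT_SAVED = re.compile(r"save the server's public key\?\(Y/N\):\s*n\s*$", re.I)


def audit(text):
    """Return [(line_no, finding)] in line order for a config or session capture."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        cmd = PROMPT.sub("", line).strip()  # keep only the command itself
        m = re.match(r"password simple (\S+)$", cmd)
        if m:
            # "simple" keeps the password readable in the configuration.
            findings.append((no, "cleartext-password"))
            if len(m.group(1)) < MIN_LEN:
                findings.append((no, "short-password"))
        if re.match(r"protocol inbound (telnet|all)$", cmd):
            # VTY lines accept an unencrypted login protocol.
            findings.append((no, "telnet-allowed"))
        if ACCEPTED.search(line):
            # Operator continued without checking the server's host key.
            findings.append((no, "host-key-accepted-unverified"))
        if NOT_SAVED.search(line):
            # Key not stored, so a later session cannot compare against it.
            findings.append((no, "host-key-not-saved"))
    return findings


if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```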
IV. Key configuration points:
None
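Following the steps above in an experiment on HCL 3.0.1 with an "H3C MSR36-20" device, the following two commands produced errors when entered:
# Set the SSH user authentication type to password. The SSH authentication timeout, number of authentication attempts, and server key update interval use the system defaults.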
[Sysname] ssh user client001 authentication-type password
# Set the user's service type to SFTP.
[Sysname] ssh user client001 service-type sftp