Management and Configuration Guide K/KA/KB.15.15

As described earlier in this chapter, you can use a TFTP client on the administrator workstation to
update software images. This is a plain-text mechanism that connects to a standalone TFTP server
or another HP switch acting as a TFTP server to obtain the software image files. Using SCP and
SFTP allows you to maintain your switches with greater security. You can also roll out new software
images with automated scripts that make it easier to upgrade multiple switches simultaneously and
securely.
SFTP is unrelated to FTP, although there are some functional similarities. Once you set up an SFTP
session through an SSH tunnel, some of the commands are the same as FTP commands. Certain
commands are not allowed by the SFTP server on the switch, such as those that create files or
folders. If you try to issue commands such as create or remove using SFTP, the switch server
returns an error message.
You can use SFTP just as you would TFTP to transfer files to and from the switch, but with SFTP,
your file transfers are encrypted and require authentication, so they are more secure than they
would be using TFTP. SFTP works only with SSH version 2 (SSH v2).
NOTE: SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or
the switch (or both) using SSH v1 generates an error message. The actual text of the error message
differs, depending on the client software in use. Some examples are:
Protocol major versions differ: 2 vs. 1
Connection closed
Protocol major versions differ: 1 vs. 2
Connection closed
Received disconnect from ip-addr : /usr/local/libexec/sftp-server: command not supported
Connection closed
SCP is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through
an SSH connection.
SCP is used to copy files to and from the switch when security is required. SCP works with both
SSH v1 and SSH v2. Be aware that most third-party software application clients that support
SCP use SSH v1.
The general process for using SCP and SFTP involves three steps:
1. Open an SSH tunnel between your computer and the switch if you have not already done so.
(This step assumes that you have already set up SSH on the switch.)
2. Execute ip ssh filetransfer to enable secure file transfer.
3. Use a third-party client application for SCP and SFTP commands.
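The three steps above end with a third-party client, and the chapter opening mentions rolling out images to several switches with scripts. The following POSIX shell script is an added example of that third step, not code from the HP guide: it pushes one image file to each switch in an inventory with OpenSSH `scp` after SSH and `ip ssh filetransfer` have been set up on the switches (steps 1 and 2). The login name, the image file name, the switch addresses and the remote target name `/os/primary` are assumptions or placeholders, not values taken from the page; check the file-naming section of your own guide for the switch-side path. Host-key checking is forced on against a dedicated known_hosts file so that an image is only ever sent to a switch whose SSH host key was recorded beforehand.

```shell
#!/bin/sh
# Added example (not from the HP guide): copy a software image to several
# switches over SCP from the administrator workstation, once SSH and
# "ip ssh filetransfer" are enabled on every switch.
#
# Assumptions (none of these values come from the page):
#   - the client is OpenSSH scp, which understands -o options
#   - REMOTE_IMAGE_PATH is the switch-side name of the image slot (placeholder)
#   - the inventory file holds one switch address per line; "#" starts a comment

set -u

IMAGE_FILE="${IMAGE_FILE:-K_15_15.swi}"                   # local image, placeholder name
ADMIN_USER="${ADMIN_USER:-manager}"                       # SSH login on the switch, assumed
REMOTE_IMAGE_PATH="${REMOTE_IMAGE_PATH:-/os/primary}"     # assumed remote target
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/switch_known_hosts}" # pre-recorded switch host keys
DRY_RUN="${DRY_RUN:-1}"                                   # 1 = print commands only

# build_scp_cmd SWITCH -> prints the exact scp command line for one switch.
# StrictHostKeyChecking=yes refuses any host whose key is not already in
# KNOWN_HOSTS, so a spoofed or replaced switch cannot receive the image and
# the session is never downgraded to "trust on first use".
build_scp_cmd() {
    printf 'scp -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s %s %s@%s:%s\n' \
        "$KNOWN_HOSTS" "$IMAGE_FILE" "$ADMIN_USER" "$1" "$REMOTE_IMAGE_PATH"
}

# count_targets LIST -> prints how many real switch entries the inventory has
# (blank lines and comments are skipped), useful as a sanity check before a run.
count_targets() {
    n=0
    while IFS= read -r sw; do
        [ -z "$sw" ] && continue
        case "$sw" in \#*) continue ;; esac
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

# rollout LIST -> transfers the image to every switch in LIST, in order, and
# stops at the first failure so a wrong path or rejected host key is noticed
# before the remaining switches are touched. With DRY_RUN=1 it only prints
# the command that would run.
rollout() {
    while IFS= read -r sw; do
        [ -z "$sw" ] && continue
        case "$sw" in \#*) continue ;; esac
        if [ "$DRY_RUN" = "1" ]; then
            echo "[dry-run] $(build_scp_cmd "$sw")"
        else
            echo "Copying $IMAGE_FILE to $sw ..."
            scp -o StrictHostKeyChecking=yes -o "UserKnownHostsFile=$KNOWN_HOSTS" \
                "$IMAGE_FILE" "$ADMIN_USER@$sw:$REMOTE_IMAGE_PATH" || return 1
        fi
    done < "$1"
}

# Constructed sample inventory (documentation addresses, not a real network).
INVENTORY="${TMPDIR:-/tmp}/switches.$$"
printf '%s\n' '# core switches' '192.0.2.10' '192.0.2.11' '' '192.0.2.12' > "$INVENTORY"
echo "Targets: $(count_targets "$INVENTORY")"
rollout "$INVENTORY"
rm -f "$INVENTORY"
```

Run it with `DRY_RUN=0` once the switch host keys have been recorded in the known_hosts file named by `KNOWN_HOSTS`; leaving the default of `DRY_RUN=1` prints each `scp` command line without connecting, which is a convenient way to review the targets and paths before an upgrade window.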
Disabling TFTP and auto-TFTP for enhanced security
Using the ip ssh filetransfer command to enable SFTP automatically disables TFTP and
auto-TFTP (if either or both are enabled), as shown in Figure 136 (page 294).
Disabling TFTP and auto-TFTP for enhanced security 293