Management and Configuration Guide K/KA/KB.15.15

Similarly, while SFTP is enabled, TFTP cannot be enabled using an SNMP management
application. Attempting to do so generates an "inconsistent value" message. (An SNMP
management application cannot be used to enable or disable auto-TFTP.)
To enable SFTP by using an SNMP management application, you must first disable TFTP and,
if configured, auto-TFTP on the switch. You can use either an SNMP application or the CLI to
disable TFTP, but you must use the CLI to disable auto-TFTP. The following CLI commands
disable TFTP and auto-TFTP on the switch.

Enabling SSH V2 (required for SFTP)

HP Switch(config)# ip ssh version 2

NOTE: As a matter of policy, administrators should not enable the SSH V1-only or the SSH
V1-or-V2 advertisement modes. SSHv1 is supported on only some legacy switches (such as the HP
Switch Series 2500 switches).

Viewing SSH

HP Switch(config)# show ip ssh

Once you have confirmed that you have enabled an SSH session (with the show ip ssh
command), enter ip ssh filetransfer so that SCP and/or SFTP can run. You can then open
your third-party software client application to begin using the SCP or SFTP commands to safely
transfer files or issue commands to the switch.

NOTE: Any attempt to use SCP or SFTP without first entering ip ssh filetransfer causes the SCP
or SFTP session to fail. Depending on the client software in use, you will receive an error message
on the originating console, for example:

IP file transfer not enabled on the switch

Disabling secure file transfer

HP Switch(config)# no ip ssh filetransfer

Authentication

Switch memory allows up to ten public keys. This means the authentication and encryption keys
you use for your third-party client SCP/SFTP software can differ from the keys you use for the SSH
session, even though both SCP and SFTP use a secure SSH tunnel.

NOTE: SSH authentication is mutually exclusive with RADIUS servers.

Some clients, such as PSCP (PuTTY SCP), automatically compare switch host keys for you. Other
clients require you to manually copy and paste keys to the $HOME/.ssh/known_hosts file.
Whatever SCP/SFTP software tool you use, after installing the client software you must verify that
the switch host keys are available to the client.

Because the third-party software utilities you may use for SCP/SFTP vary, you should refer to the
documentation provided with the utility you select before performing this process.
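
For clients that rely on a manually maintained $HOME/.ssh/known_hosts file, the host-key check described above can be scripted. The following Python code is an added example, not part of this guide or of any client utility: it parses OpenSSH-format known_hosts text and compares the key stored for a switch with a fingerprint obtained over a trusted channel. The sample address, hostname and key bytes are constructed, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample data: placeholder bytes, not a real switch host key.
SAMPLE_BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-sample").decode()
SAMPLE_KNOWN_HOSTS = f"""\
# constructed sample known_hosts content
10.0.0.5,switch1.example.net ssh-rsa {SAMPLE_BLOB} core-switch
"""


def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    md5 = hashlib.md5(blob).hexdigest()  # legacy display format of older clients
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha


def parse_known_hosts(text):
    """Yield (hostnames, key_b64) for each plain entry in known_hosts text."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Skip @revoked/@cert-authority markers, hashed hostnames, short lines.
        if fields[0].startswith(("@", "|1|")) or len(fields) < 3:
            continue
        yield fields[0].split(","), fields[2]


def check_host(text, host, trusted_fp):
    """True: stored key matches; False: entry differs; None: no entry for host."""
    result = None
    for names, key_b64 in parse_known_hosts(text):
        if host not in names:
            continue
        try:
            if trusted_fp in fingerprints(key_b64):
                return True
        except ValueError:  # corrupted base64 in the stored entry
            pass
        result = False
    return result


if __name__ == "__main__":
    _, sha256_fp = fingerprints(SAMPLE_BLOB)
    print(check_host(SAMPLE_KNOWN_HOSTS, "10.0.0.5", sha256_fp))
```

A result of False means the client holds a different key for that switch than the one you trust, and None means no key has been stored for it yet; in either case, resolve the discrepancy before transferring files.
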

SCP/SFTP operating notes

When an SFTP client connects, the switch provides a file system displaying all of its available
files and folders. No file or directory creation is permitted by the user. Files may only be
uploaded or downloaded, according to the permissions mask. All of the necessary files the
Disabling TFTP and auto-TFTP for enhanced security 295