R3303-HP HSR6800 Routers Security Configuration Guide
335
+++++++++++++++++++++++
+++++
+++++
# Generate a DSA key pair.
[Router] public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits of the modulus[default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++
# Enable the SSH server function.
[Router] ssh server enable
# Enable the SFTP server.
[Router] sftp server enable
# Configure an IP address for interface GigabitEthernet 3/0/1. The SFTP client uses this address
as the destination for SSH connection.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] ip address 192.168.1.45 255.255.255.0
[Router-GigabitEthernet3/0/1] quit
# Set the authentication mode of the user interface to AAA.
[Router] user-interface vty 0 4
[Router-ui-vty0-4] authentication-mode scheme
# Enable the user interface to support SSH.
[Router-ui-vty0-4] protocol inbound ssh
[Router-ui-vty0-4] quit
# Configure a local user named client002 with the password aabbcc and the service type ssh.
[Router] local-user client002
[Router-luser-client002] password simple aabbcc
[Router-luser-client002] service-type ssh
[Router-luser-client002] quit
# Configure the user authentication method as password and service type as SFTP.
[Router] ssh user client002 service-type sftp authentication-type password
2. Establish a connection to the SFTP server:
The device supports different types of SFTP client software. The following uses PSFTP of PuTTY
version 0.58 as an example.
PSFTP supports only password authentication.
To establish a connection to the SFTP server:
a. Run the psftp.exe to launch the client interface as shown in Figure 111, and enter the following
command:
open 192.168.1.45
b. Enter username client002 and password aabbcc as prompted to log in to the SFTP server.