F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices System Management and Maintenance Command Reference-6PW100

dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
prefer-stoc-cipher: Specifies the preferred encryption algorithm from server to client. The default is
aes128.
prefer-stoc-hmac: Specifies the preferred HMAC algorithm from server to client. The default is sha1-96.
Usage guidelines
When the server uses publickey authentication to authenticate a client, the client must get the local
private key to generate the digital signature. Because publickey authentication uses either the RSA or
the DSA algorithm, you must specify the client's algorithm (by using the identity-key keyword) so that
the client gets the correct data for the local private key.
Examples
# Connect to the SCP server (192.168.0.1), download the file remote.bin from the server, and save it
locally to the file local.bin.
<Sysname> scp 192.168.0.1 get remote.bin local.bin
sftp
Use sftp to establish a connection to an IPv4 SFTP server and enter SFTP client view.
Syntax
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer-compress { zlib | zlib-openssh } | prefer-ctos-cipher { 3des | aes128 | aes256 | des } |
prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1
| dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 |
md5-96 | sha1 | sha1-96 } ] *
In FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key rsa | prefer-ctos-cipher
{ aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher
{ aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] *
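The following Python script is an added example, not part of the HP command reference. It checks logged sftp command lines against the FIPS-mode option set in the syntax above and flags any option, or the documented dsa default for identity-key, that falls outside it. The function name audit_sftp and the sample lines are assumptions made for illustration.

```python
# Values the FIPS-mode syntax accepts for each keyword.
FIPS_ALLOWED = {
    "identity-key": {"rsa"},
    "prefer-ctos-cipher": {"aes128", "aes256"},
    "prefer-ctos-hmac": {"sha1", "sha1-96"},
    "prefer-kex": {"dh-group14"},
    "prefer-stoc-cipher": {"aes128", "aes256"},
    "prefer-stoc-hmac": {"sha1", "sha1-96"},
}
# Non-FIPS default documented for identity-key.
NON_FIPS_DEFAULTS = {"identity-key": "dsa"}

def audit_sftp(line):
    """Return findings for one logged 'sftp ...' command line (hypothetical helper)."""
    tokens = line.split()
    if "sftp" not in tokens:
        return []
    args = tokens[tokens.index("sftp") + 1:]
    findings, seen, i = [], set(), 0
    while i < len(args):
        key = args[i]
        value = args[i + 1] if i + 1 < len(args) else None
        if key == "vpn-instance":
            i += 2  # skip the VPN name so it is never read as a keyword
        elif key == "prefer-compress":
            findings.append(f"prefer-compress {value}: keyword absent from FIPS-mode syntax")
            i += 2
        elif key in FIPS_ALLOWED:
            seen.add(key)
            if value not in FIPS_ALLOWED[key]:
                findings.append(f"{key} {value}: outside FIPS-mode set")
            i += 2
        else:
            i += 1  # server address or port number
    # An omitted keyword falls back to the device default.
    for key, default in NON_FIPS_DEFAULTS.items():
        if key not in seen and default not in FIPS_ALLOWED[key]:
            findings.append(f"{key} omitted: non-FIPS default {default} applies")
    return findings

# Constructed sample lines (not from the original page).
SAMPLES = [
    "<Sysname> sftp 192.168.0.1 identity-key rsa prefer-kex dh-group14",
    "<Sysname> sftp 192.168.0.1 22 prefer-ctos-cipher des prefer-stoc-hmac md5",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_sftp(s) or "ok")
```

The omitted-keyword finding only matters on a device running in non-FIPS mode, where the dsa default is in effect.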
Views
User view
Default command level
3: Manage level
Parameters
server: IPv4 address or host name of the server, a case-insensitive string of 1 to 20 characters.
port-number: Port number of the server, in the range of 0 to 65535. The default is 22.
vpn-instance vpn-instance-name: Specifies the VPN that the server belongs to, where the
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the server is on the public
network, do not specify this option.
identity-key: Specifies the algorithm for publickey authentication. In non-FIPS mode, the algorithm is
either dsa or rsa and the default is dsa. In FIPS mode, the algorithm is rsa.
dsa: Specifies the public key algorithm dsa.
rsa: Specifies the public key algorithm rsa.