R3166-R3206-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
161
Configuration procedure
1. Configure the SFTP server
# Generate RSA and DSA key pairs and enable the SSH server.
<Firewall> system-view
[Firewall] public-key local create rsa
[Firewall] public-key local create dsa
[Firewall] ssh server enable
# Enable the SFTP server.
[Firewall] sftp server enable
# Configure an IP address for interface GigabitEthernet0/0, which the client will use as the destination
for SSH connection.
[Firewall] interface gigabitethernet 0/0
[Firewall-GigabitEthernet0/0] ip address 192.168.1.45 255.255.255.0
[Firewall-GigabitEthernet0/0] quit
# Set the authentication mode of the user interfaces to AAA.
[Firewall] user-interface vty 0 4
[Firewall-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[Firewall-ui-vty0-4] protocol inbound ssh
[Firewall-ui-vty0-4] quit
# Configure a local user named client002 with the password being aabbcc and the service type being
SSH.
[Firewall] local-user client002
[Firewall-luser-client002] password simple aabbcc
[Firewall-luser-client002] service-type ssh
[Firewall-luser-client002] quit
# Configure the user authentication type as password and service type as SFTP.
[Firewall] ssh user client002 service-type sftp authentication-type password
2. Configure the SFTP client
NOTE:
• There are many kinds of SSH client software. The following takes the PSFTP of Putty Version 0.58 as an
example.
• The PSFTP supports only password authentication.
# Establish a connection with the remote SFTP server.
Run the psftp.exe to launch the client interface as shown in Figure 74, a
nd enter the following command:
open 192.168.1.45
Enter username client002 and password aabbcc as prompted to log into the SFTP server.