R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
169
To configure the SFTP connection idle timeout period:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the SFTP connection
idle timeout period.
sftp server idle-timeout
time-out-value
Optional.
10 minutes by default.
Configuring the device an SFTP client
Specifying a source IP address or interface for the SFTP client
You can configure a client to use only a specified source IP address or interface to access the SFTP server,
enhancing the service manageability.
To specify a source IP address or interface for the SFTP client:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify a source IP
address or interface
for the SFTP client.
• Specify a source IPv4 address or interface for the
SFTP client:
sftp client source { ip ip-address | interface
interface-type interface-number }
• Specify a source IPv6 address or interface for the
SFTP client:
sftp client ipv6 source { ipv6 ipv6-address | interface
interface-type interface-number }
Use either command.
By default, an SFTP
client uses the IP
address of the
interface specified by
the route of the device
to access the SFTP
server.
Establishing a connection to the SFTP server
Establishing a connection to the IPv4 SFTP server
Task Command
Remarks
Establish a connection
to the IPv4 SFTP server
and enter SFTP client
view.
• In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ]
[ identity-key { dsa | rsa } | prefer-ctos-cipher { 3des | aes128 |
aes256 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 |
sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 |
dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 |
des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] *
• In FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ]
[ identity-key rsa | prefer-ctos-cipher { aes128 | aes256 } |
prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 |
prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac { sha1
| sha1-96 } ] *
Use either
command in
user view.