R2511-HP MSR Router Series Security Command Reference(V5)

must specify an algorithm of the client (by using the identity-key keyword) in order to get the correct data
for the local private key.
Examples
# Connect to the SCP server 192.168.0.1, download the file remote.bin from the server, and save it locally
to the file local.bin.
<Sysname> scp 192.168.0.1 get remote.bin local.bin
sftp
Use sftp to establish a connection to an IPv4 SFTP server and enter SFTP client view.
Syntax
In non-FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |
prefer-compress { zlib | zlib-openssh } | prefer-ctos-cipher { 3des | aes128 | aes256 | des } |
prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1
| dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 |
md5-96 | sha1 | sha1-96 } ] *
In FIPS mode:
sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key rsa | prefer-ctos-cipher
{ aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher
{ aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] *
Default
The following matrix shows the default algorithms used in non-FIPS and FIPS modes:
Preferred algorithm                              In non-FIPS mode    In FIPS mode
Public key algorithm                             dsa                 rsa
Preferred client-to-server encryption algorithm  aes128              aes128
Preferred client-to-server HMAC algorithm        sha1-96             sha1-96
Preferred key exchange algorithm                 dh-group-exchange   dh-group14
Preferred server-to-client encryption algorithm  aes128              aes128
Preferred server-to-client HMAC algorithm        sha1-96             sha1-96
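The following Python check is an added example, not part of the HP command reference. It parses an sftp client command line, fills in the non-FIPS defaults from the matrix above for omitted keywords, and reports every choice that the FIPS-mode syntax does not accept; the function names are hypothetical.

```python
# Added example; names are hypothetical. Keyword sets come from the syntax above.
FIPS_ALLOWED = {  # values the FIPS-mode syntax accepts
    "identity-key": {"rsa"},
    "prefer-ctos-cipher": {"aes128", "aes256"},
    "prefer-ctos-hmac": {"sha1", "sha1-96"},
    "prefer-kex": {"dh-group14"},
    "prefer-stoc-cipher": {"aes128", "aes256"},
    "prefer-stoc-hmac": {"sha1", "sha1-96"},
}
NON_FIPS_DEFAULTS = {  # non-FIPS column of the default matrix
    "identity-key": "dsa",
    "prefer-ctos-cipher": "aes128",
    "prefer-ctos-hmac": "sha1-96",
    "prefer-kex": "dh-group-exchange",
    "prefer-stoc-cipher": "aes128",
    "prefer-stoc-hmac": "sha1-96",
}


def effective_algorithms(command):
    """Return the algorithm in effect for each keyword of a non-FIPS sftp command."""
    tokens = command.split()
    if tokens and tokens[0].startswith("<"):    # drop a "<Sysname>" prompt
        tokens = tokens[1:]
    if len(tokens) < 2 or tokens[0] != "sftp":
        raise ValueError("not an sftp client command")
    chosen = dict(NON_FIPS_DEFAULTS)
    rest = tokens[2:]                           # tokens[1] is the server
    if rest and rest[0].isdigit():              # optional port-number
        rest = rest[1:]
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    for key, value in zip(rest[0::2], rest[1::2]):
        if key in chosen or key == "prefer-compress":
            chosen[key] = value
        elif key != "vpn-instance":             # vpn-instance selects no algorithm
            raise ValueError("unknown keyword: " + key)
    return chosen


def outside_fips_set(command):
    """List (keyword, value) pairs that the FIPS-mode syntax would not accept."""
    chosen = effective_algorithms(command)
    return sorted((k, v) for k, v in chosen.items()
                  if v not in FIPS_ALLOWED.get(k, set()))
```

A command with no algorithm keywords is still reported, because the non-FIPS defaults dsa and dh-group-exchange are not part of the FIPS-mode syntax.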
Views
User view
Default command level
3: Manage level
Parameters
server: Specifies a server by its IPv4 address or host name, a case-insensitive string of 1 to 20 characters.
port-number: Specifies the port number of the server, in the range of 0 to 65535. The default is 22.