4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

311

312

313

314

315

316

317

318

319

320

309

interface interface-type interface-number: Specifies a source interface by its type and number. The IPv6

address of this interface is the source IPv6 address to send packets.

Ipv6 ipv6-address: Specifies a source IPv6 address.

Usage guidelines

When the client's authentication method is publickey, the client must get the local private key for digital

signature. Because the publickey authentication uses either RSA or DSA algorithm, you must specify an

algorithm (by using the identity-key keyword) in order to get the correct data for the local private key.

Examples

# Connect an SCP client to the SCP server 2000::1, specify the public key of the server as svkey, and

download the file abc.txt from the server. The SCP client uses publickey authentication. Use the following

algorithms:

• Preferred key exchange algorithm is dh-group14.

• Preferred server-to-client encryption algorithm is aes128.

• Preferred client-to-server HMAC algorithm is sha1.

• Preferred server-to-client HMAC algorithm is sha1-96.

• Preferred compression algorithm between the server and client is zlib.

<Sysname> scp ipv6 2000::1 get abc.txt prefer-kex dh-group14 prefer-stoc-cipher aes128

prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib publickey svkey

sftp

Use sftp to establish a connection to an IPv4 SFTP server and enter SFTP client view.

Syntax

In non-FIPS mode:

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } |

prefer-compress zlib | prefer-ctos-cipher { 3des | aes128 | aes256 | des } | prefer-ctos-hmac { md5 |

md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } |

prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 |

sha1-96 } ] * [ dscp dscp-value | publickey keyname | source { interface interface-type interface-number

| ip ip-address } ] *

In FIPS mode:

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ id

entity-key rsa | prefer-compress zlib

| prefer-ctos-cipher { aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14

| prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] * [ publickey keyname

| source { interface interface-type interface-number | ip ip-address } ] *

Views

User view

Predefined user roles

network-admin

Parameters

server: Specifies a server by its IPv4 address or host name, a case-insensitive string of 1 to 253

characters.