HP MSR2000/3000/4000 Router Series Security Configuration Guide

-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
-rwxrwxrwx 1 noone nogroup 225 Sep 01 06:55 pub
drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2
# Download the pubkey2 file from the server and save it as a local file public.
sftp> get pubkey2 public
Fetching / pubkey2 to public
/pubkey2 100% 225 1.4KB/s 00:00
# Upload a local file named pu to the server, save it as puk, and verify the result.
sftp> put pu puk
Uploading pu to / puk
sftp> dir
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 config.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey
drwxrwxrwx 1 noone nogroup 0 Sep 01 06:22 new
drwxrwxrwx 1 noone nogroup 0 Sep 02 06:33 new2
-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:35 pub
-rwxrwxrwx 1 noone nogroup 283 Sep 02 06:36 puk
sftp>
# Exit SFTP client view.
sftp> quit
<RouterA>
SCP file transfer with password authentication
Unless otherwise noted, the devices in the configuration examples are in non-FIPS mode.
If you configure an SCP server in FIPS mode, follow these guidelines:
• The modulus length of the key pair must be 2048 bits.
• Do not generate a DSA key pair on the SCP server. Only RSA key pairs are supported.
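The two FIPS-mode guidelines above can be checked against a server's host public key before it is trusted. The following Python code is an added example, not part of the HP guide: it assumes the key is available as a one-line OpenSSH-format public key, and the names check_fips_host_key and make_sample and the sample keys are hypothetical, constructed values.

```python
import base64

REQUIRED_BITS = 2048  # FIPS-mode modulus length stated in the guide


def _read_field(blob, offset):
    """Read one length-prefixed field (RFC 4251 string or mpint)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_fips_host_key(line):
    """Return (ok, reason) for one OpenSSH-format public key line."""
    parts = line.split()
    if len(parts) < 2:
        return False, "not an OpenSSH public key line"
    try:
        blob = base64.b64decode(parts[1], validate=True)
        key_type, off = _read_field(blob, 0)
        if key_type != parts[0].encode():
            return False, "key type label does not match key blob"
        if key_type != b"ssh-rsa":
            return False, "only RSA key pairs are supported in FIPS mode"
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
    except ValueError as exc:  # also covers base64 decoding errors
        return False, str(exc)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits != REQUIRED_BITS:
        return False, f"modulus is {bits} bits, FIPS mode requires {REQUIRED_BITS}"
    return True, "RSA, 2048-bit modulus"


def make_sample(key_type, *numbers):
    """Build a constructed, non-functional key line; only its structure is valid."""
    blob = len(key_type).to_bytes(4, "big") + key_type
    for n in numbers:
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # mpint encoding
        blob += len(raw).to_bytes(4, "big") + raw
    return f"{key_type.decode()} {base64.b64encode(blob).decode()} constructed"


# Constructed samples: correct wire structure, not usable keys.
RSA_2048 = make_sample(b"ssh-rsa", 65537, (1 << 2047) | 1)
RSA_1024 = make_sample(b"ssh-rsa", 65537, (1 << 1023) | 1)
DSA_KEY = make_sample(b"ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
```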
Network requirements
As shown in Figure 68, Router A acts as an SCP client, and Router B acts as an SCP server. A user can
securely transfer files with Router B through Router A. Router B uses the password authentication method
and the client's username and password are saved on Router B.
Figure 68 Network diagram
Configuration procedure
1. Configure the SCP server:
# Generate the RSA key pairs.