R0106-HP MSR Router Series Security Command Reference(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

421

422

423

424

425

426

427

428

429

430

408

In FIPS mode:

sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key rsa | prefer-compress zlib

| prefer-ctos-cipher { aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14

| prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] * [ publickey keyname

| source { interface interface-type interface-number s | ip ip-address } ] *

Views

User view

Predefined user roles

network-admin

Parameters

server: Specifies a server by its IPv4 address or host name, a case-insensitive string of 1 to 253

characters.

port-number: Specifies the port number of the server, in the range of 1 to 65535. The default is 22.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the server belongs, where

vpn-instance-name is a case-sensitive string of 1 to 31 characters.

identity-key: Specifies a public key algorithm for the client, either dsa or rsa. The default is dsa. If the

server uses publickey authentication, this keyword must be specified.

• dsa: Specifies the public key algorithm dsa.

• rsa: Specifies the public key algorithm rsa.

prefer-compress: Specifies the preferred compression algorithm between the server and the client. By

default, compression is not supported.

zlib: Specifies the compression algorithm zlib.

prefer-ctos-cipher: Specifies the preferred client-to-server encryption algorithm. The default is des in low

encryption and aes128 in high encryption. Algorithms des, 3des, aes128, and aes256 are arranged in

ascending order in the aspects of security strength and calculation time.

• 3des: Specifies the encryption algorithm 3des-cbc.

• aes128: Specifies the encryption algorithm aes128-cbc.

• aes256: Specifies the encryption algorithm aes256-cbc.

• des: Specifies the encryption algorithm des-cbc.

prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1.

Algorithm sha1 features stronger security but costs more time in calculation than md5.

• md5: Specifies the HMAC algorithm hmac-md5.

• md5-96: Specifies the HMAC algorithm

hmac-md5-96.

• sha1: S

pecifies the HMAC algorithm hmac-sha1.

• sha1-96: Specifies the HMAC algorithm hmac-sha1-96.

prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in

non-FIPS mode and dh-group14 in FIPS mode. Algorithm dh-group14 features stronger security but costs

more time in calculation than dh-group1.

• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.

• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.

• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.