R0106-HP MSR Router Series Security Configuration Guide(V7)
356
Network requirements
As shown in Figure 104:
• You can log in to Router B through the SCP client that runs on Router A.
• After login, you are assigned the user role network-admin and can securely transfer files with
Router B.
• Router B uses the password authentication method.
• The client's username and password are saved on Router B.
Figure 104 Network diagram
Configuration procedure
1. Configure the SCP server:
# Generate the RSA key pairs.
<RouterB> system-view
[RouterB] public-key local create rsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
........................++++++
...................++++++
..++++++++
............++++++++
Create the key pair successfully.
# Generate a DSA key pair.
[RouterB] public-key local create dsa
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+
...+.................+..........+...+.
Create the key pair successfully.
# Enable the SSH server function.
[RouterB] ssh server enable
# Configure an IP address for GigabitEthernet 2/1/1. The client uses this address as the
destination for SCP connection.
Router BRouter A
GE2/1/1
192.168.0.2/24
SCP client SCP server
GE2/1/1
192.168.0.1/24