
Example for Accessing Files on Other Devices Using SFTP



SFTP is an SSH-based secure file transfer protocol, which uses secure connections for data transmission. After a switch is configured as an SFTP client, the remote SFTP server can authenticate the client and encrypt data in bidirectional mode to ensure secure file transfer and directory management.

SFTP is applicable to accessing files on other devices when high network security is required, and is used for uploading and downloading logs.

Configuration Notes

Before accessing files on the SSH server using SFTP, ensure that routes are reachable between the switch and the SSH server.

SFTP V1 is an insecure protocol. Using SFTP V2 or FTPS is recommended.

This example applies to all versions of all S series switches.

NOTE:

The following uses the command lines and outputs of the S5720EI running V200R008C00 as an example.

Networking Requirements

As shown in Figure 3-25, the routes between the SSH server and clients client001 and client002 are reachable. A Huawei switch is used as the SSH server in this example.

The clients client001 and client002 are required to connect to the SSH server in password and DSA authentication modes respectively to ensure secure access to files on the SSH server.

Figure 3-25  Networking diagram for accessing files on another device using SFTP 

Configuration Roadmap

The configuration roadmap is as follows:

1. Generate a local key pair on the SSH server and enable the SFTP server function to implement secure data exchange between the server and client.

2. Configure the clients client001 and client002 on the SSH server to log in to the SSH server in password and DSA authentication modes, respectively.

3. Generate a local key pair on client002 and configure the generated DSA public key on the SSH server, which implements authentication for the client when a user logs in to the server from the client.

4. On the SSH server, enable client001 and client002 to log in to the SSH server using SFTP and access the files.


On the SSH server, generate a local key pair and enable the SFTP server function.

[HUAWEI] sysname SSH Server
[SSH Server] dsa local-key-pair create   //Generate a local DSA key pair.
Info: The key name will be: SSH Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:   //Press Enter. The default key length (2048 bits) is used.
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.
[SSH Server] sftp server enable   //Enable the SFTP server function.
Info: Succeeded in starting the SFTP server.

Create SSH users on the SSH server.

# Configure VTY user interfaces on the SSH server.

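[SSH Server] user-interface vty 0 4   //Enter the user interface views of VTY 0 to VTY 4.
[SSH Server-ui-vty0-4] authentication-mode aaa   //Set the authentication mode of users in VTY 0 to VTY 4 to AAA.
[SSH Server-ui-vty0-4] protocol inbound ssh   //Configure the user interface views of VTY 0 to VTY 4 to support SSH.
[SSH Server-ui-vty0-4] user privilege level 3   //Set the user level to 3.
[SSH Server-ui-vty0-4] quit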

# Create an SSH user named client001 and configure the password authentication mode for the user.

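[SSH Server] ssh user client001   //Create an SSH user.
[SSH Server] ssh user client001 authentication-type password   //Set the authentication mode to password authentication.
[SSH Server] ssh user client001 service-type sftp   //Set the user service type to SFTP.
[SSH Server] ssh user client001 sftp-directory flash:   //Set the SFTP service authorized directory to flash:.
[SSH Server] aaa
[SSH Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789   //Set the login password to Helloworld@6789.
[SSH Server-aaa] local-user client001 service-type ssh   //Set the user service type to SSH.
[SSH Server-aaa] local-user client001 privilege level 3   //Set the user level to 3.
[SSH Server-aaa] quit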

# Create an SSH user named client002 and configure the DSA authentication mode for the user.

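[SSH Server] ssh user client002   //Create an SSH user.
[SSH Server] ssh user client002 authentication-type dsa   //Set the authentication mode to DSA authentication.
[SSH Server] ssh user client002 service-type sftp   //Set the user service type to SFTP.
[SSH Server] ssh user client002 sftp-directory flash:   //Set the SFTP service authorized directory to flash:.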

Generate a local key pair on client002 and configure the generated DSA public key on the SSH server.

# Generate a local key pair on client002.

[HUAWEI] sysname client002
[client002] dsa local-key-pair create   //Generate a local DSA key pair.
Info: The key name will be: SSH Server_Host_DSA.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:   //Press Enter. The default key length (2048 bits) is used.
Info: Generating keys........
Info: Succeeded in creating the DSA host keys.

# Check the DSA public key generated on client002.

[client002] display dsa local-key-pair public
=====================================================
Time of Key pair created:2014-08-27 06:35:16+08:00
Key name: client002_Host_DSA
Key modulus : 2048
Key type    : DSA encryption Key
Key fingerprint: b7:68:86:90:d8:19:f3:e6:4a:f2:e9:fd:e4:24:ef:a5

# Configure the generated DSA public key on the SSH server. The key code in the display command output is the generated DSA public key. Copy it to the SSH server, entering it between public-key-code begin and public-key-code end.

[SSH Server]dsa peer-public-key dsakey001 encoding-type der 
[SSH Server-dsa-public-key] public-key-code begin 
[SSH Server-dsa-key-code] public-key-code end 
[SSH Server-dsa-public-key] peer-public-key end

# On the SSH server, bind the DSA public key to client002.

[SSH Server] ssh user client002 assign dsa-key dsakey001
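
An added example, not part of the original configuration guide: a structural check for a key code that was copied by hand, so that a dropped or damaged line is caught before the key is bound to a user. It assumes the layout of this example's key code (a 30820322 SEQUENCE header followed by four INTEGERs of 256, 20, 256 and 256 bytes, read here as p, q, g, y); the function names and the sample key are constructed.

```python
import re

def _der_length(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("key code ends before a length field")
    first = buf[pos]
    if first < 0x80:                       # short form: one length byte
        return first, pos + 1
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("malformed length field")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def parse_key_code(text):
    """Return the four integers of a pasted key code, or raise ValueError."""
    # Drop CLI prompts such as [SSH Server-dsa-key-code] and all whitespace.
    hex_digits = re.sub(r"\[[^\]]*\]|\s+", "", text)
    buf = bytes.fromhex(hex_digits)        # ValueError on stray characters
    if not buf or buf[0] != 0x30:
        raise ValueError("key code does not start with a SEQUENCE (30)")
    length, pos = _der_length(buf, 1)
    if pos + length != len(buf):
        raise ValueError(f"header announces {length} bytes, {len(buf) - pos} present")
    values = []
    while pos < len(buf):
        if buf[pos] != 0x02:
            raise ValueError(f"expected INTEGER (02) at offset {pos}")
        length, pos = _der_length(buf, pos + 1)
        if pos + length > len(buf):
            raise ValueError("INTEGER runs past the end of the key code")
        values.append(int.from_bytes(buf[pos:pos + length], "big"))  # unsigned
        pos += length
    if len(values) != 4:
        raise ValueError(f"expected 4 INTEGERs, found {len(values)}")
    return dict(zip("pqgy", values))       # assumed order: p, q, g, y

def check_key_code(text, allowed_p_bits=(1024, 2048)):
    """Return a list of problems; an empty list means the structure is sane."""
    try:
        key = parse_key_code(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if key["p"].bit_length() not in allowed_p_bits:
        problems.append(f"modulus is {key['p'].bit_length()} bits")
    for name in "gy":
        if not 1 < key[name] < key["p"]:
            problems.append(f"{name} is outside the range 1 < {name} < p")
    return problems

def _int_field(value):
    n = len(value)
    head = bytes([0x02, n]) if n < 0x80 else b"\x02\x82" + n.to_bytes(2, "big")
    return head + value

def build_sample():
    """Constructed key code (not a real key), five 8-digit words per line."""
    tail = bytes(range(255))
    body = b"".join(_int_field(v) for v in (
        b"\xDE" + tail, b"\xC6" + bytes(19), b"\x3A" + tail, b"\xD7" + tail))
    blob = b"\x30\x82" + len(body).to_bytes(2, "big") + body
    words = re.findall(".{1,8}", blob.hex().upper())
    return "\n".join(" ".join(words[i:i + 5]) for i in range(0, len(words), 5))

if __name__ == "__main__":
    lines = build_sample().splitlines()
    print(check_key_code("\n".join(lines)))                  # complete paste
    print(check_key_code("\n".join(lines[:1] + lines[2:])))  # one line lost
```
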

Connect SFTP clients to the SSH server.

# Enable the first authentication function on the SSH clients upon the first login.

[HUAWEI] sysname client001 
[client001] ssh client first-time enable   //Enable the first authentication function on client001.
[client002]ssh client first-time enable   //Enable the first authentication function on client002.

# Log in to the SSH server from client001 in password authentication mode.

[client001]sftp
Please input the username:client001
Trying ...
Press CTRL+K to abort
Connected to ...
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey authentication; Ctrl_C for Cancel], Please select [R, D, Enter or Ctrl_C]:D
Enter password:

# Log in to the SSH server from client002 in DSA authentication mode.

[client002]sftp
Please input the username:client002
Trying ...
Press CTRL+K to abort
Connected to ...
Please select public key type for user authentication [R for RSA; D for DSA; Enter for Skip publickey authentication; Ctrl_C for Cancel], Please select [R, D, Enter or Ctrl_C]:D
ftp-client>

Verify the configuration.

Run the display ssh server status command on the SSH server to check whether the SFTP service is enabled. Run the display ssh user-information command to check information about SSH users on the server.

# Check the status of the SSH server.

[SSH Server]display ssh server status  
SSH version :1.99  
SSH connection timeout :60 seconds  
SSH server key generating interval  :0 hours  
SSH authentication retries :3 times  
SFTP server :Enable    
Stelnet server :Disable    
Scp server  :Disable  
SSH server source : 
ACL4 number  :0 
ACL6 number  :0

# Check information about SSH users.

[SSH Server]display ssh user-information   
User 1  : 
User Name : client001        
Authentication-type  : password        
User-public-key-name : -        
User-public-key-type : -        
Sftp-directory : flash:        
Service-type         : sftp        
Authorization-cmd    : No    
User 2:        
User Name      : client002        
Authentication-type  : dsa        
User-public-key-name : dsakey001        
User-public-key-type : dsa        
Sftp-directory       : flash:        
Service-type         : sftp        
Authorization-cmd    : No
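
An added example, not part of the original guide: a review of the two display outputs above for settings worth a second look, including the SSH 1.x compatibility that version 1.99 indicates. The rule set is an assumption of this example (it reads ACL number 0 as no ACL applied to the SSH server); the sample text is the output shown in this step.

```python
import re

# Output copied from the verification step of this example.
STATUS_OUTPUT = """\
SSH version :1.99
SSH connection timeout :60 seconds
SSH server key generating interval  :0 hours
SSH authentication retries :3 times
SFTP server :Enable
Stelnet server :Disable
Scp server  :Disable
SSH server source :
ACL4 number  :0
ACL6 number  :0
"""

USER_OUTPUT = """\
User 1  :
User Name : client001
Authentication-type  : password
User-public-key-name : -
User-public-key-type : -
Sftp-directory : flash:
Service-type         : sftp
Authorization-cmd    : No
User 2:
User Name      : client002
Authentication-type  : dsa
User-public-key-name : dsakey001
User-public-key-type : dsa
Sftp-directory       : flash:
Service-type         : sftp
Authorization-cmd    : No
"""

def parse_fields(text):
    """Yield (key, value) for every 'key : value' line, split at the first colon."""
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            yield key.strip(), value.strip()

def parse_status(text):
    return dict(parse_fields(text))

def parse_users(text):
    """Group the fields into one dict per 'User N' header."""
    users = []
    for key, value in parse_fields(text):
        if re.fullmatch(r"User \d+", key):
            users.append({})
        elif users:
            users[-1][key] = value
    return users

def review(status, users):
    """Return review items for the server and for each SSH user."""
    findings = []
    if status.get("SSH version") == "1.99":
        findings.append("server: version 1.99 also accepts SSH 1.x clients")
    if status.get("ACL4 number") == "0" and status.get("ACL6 number") == "0":
        findings.append("server: no ACL restricts SSH source addresses")
    for user in users:
        name = user.get("User Name", "?")
        if user.get("Authentication-type") == "password":
            findings.append(f"{name}: password-only authentication")
        if user.get("User-public-key-type") == "dsa":
            findings.append(f"{name}: DSA user key")
        if re.fullmatch(r"[A-Za-z0-9]+:/?", user.get("Sftp-directory", "")):
            findings.append(f"{name}: SFTP directory is the root of {user['Sftp-directory']}")
    return findings

if __name__ == "__main__":
    for item in review(parse_status(STATUS_OUTPUT), parse_users(USER_OUTPUT)):
        print(item)
```
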

Configuration Files

SSH server configuration file

#
sysname SSH Server
#
dsa peer-public-key dsakey001 encoding-type der
 public-key-code begin
 public-key-code end
 peer-public-key end
#
aaa
 local-user client001 password irreversible-cipher %^%#-=9Z)M,-aL$_U%#$W^1T-\}Fqpe$E<#H$J<6@KTSL/J'\}I-%^%#
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
sftp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory flash:
ssh user client002
ssh user client002 authentication-type dsa
ssh user client002 assign dsa-key dsakey001
ssh user client002 service-type sftp
ssh user client002 sftp-directory flash:
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3
#
return

client001 configuration file

#
sysname client001
#
ssh client first-time enable
#
return

client002 configuration file

#
sysname client002
#
ssh client first-time enable
#
return

For more information, see S6700, S7700, and S9700 Series Switches Typical Configuration Examples.
