Hi Guys,
Today I would like to share with you a secure method of managing files between systems. I bet you heard about SCP or Secure copy but if you don't know is a client-server method based on SSH that can permit secure transfer of file from a host to another.
I will make a demo about how this protocol can be configured on S5700 lan switch series using command line interface. Let's consider a client-server scenario, one switch will be the SSH server and the second one will be the SSH client.
Server configuration:
#
aaa
local-user test password cipher %@%@Bi29HO<d{Bn*kPPc|>yQK<X3Akw3X'v%a6lsdT4r-Y@ ------test@12345678901234567890
M<X6K%@%@
local-user test privilege level 3
local-user test ftp-directory flash:
local-user test service-type ssh
#
#
scp server enable
ssh authentication-type default password
ssh user test
ssh user test authentication-type password
ssh user test service-type all
ssh user test sftp-directory flash:
ssh client first-time enable
ssh client 10.136.22.176 assign rsa-key 10.136.22.176
#
Client details :
[S57SI_21_40]display dev
S5748TP-SI-AC's Device status:
Slot Sub Type Online Power Register Status Role
-------------------------------------------------------------------------------
0 - S5748TP-SI Present PowerOn Registered Normal Master
3 FAN Present PowerOn Registered Normal NA
4 POWER Present PowerOn Registered Normal NA
[S57SI_21_40]display vers
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.150 (S5700 V200R005C00SPC300)
Copyright (C) 2000-2014 HUAWEI TECH CO., LTD
Quidway S5748TP-SI-AC Routing Switch uptime is 0 week, 0 day, 1 hour, 24 minutes
CX22EFGEC 0(Master) : uptime is 0 week, 0 day, 1 hour, 23 minutes
256M bytes DDR Memory
32M bytes FLASH
Pcb Version : VER.B
Basic BOOTROM Version : 241 Compiled at Mar 21 2014, 16:57:13
CPLD Version : 6
Software Version : VRP (R) Software, Version 5.150 (V200R005C00SPC300)
FANCARD I information
Pcb Version : FAN VER.B
PWRCARD I information
Pcb Version : PWR VER.A
How it works?
[S57SI_21_40]scp test@10.136.28.114:s63ei.cfg s63ei.cfg
Trying 10.136.28.114 ...
Press CTRL+K to abort
Connected to 10.136.28.114 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 10.136.28.114. Please wait..
.
Please select public key type for user authentication [R for RSA; D for DSA; Ent
er for Skip publickey authentication; Ctrl_C for Cancel], Please select [R, D, E
nter or Ctrl_C]:
Enter password:
s63ei.cfg 100% 5783Bytes 6Kb/s
Hope to find this thread useful.
