Example for Configuring an SCP Client

Networking Requirements

Unlike SFTP, SCP authenticates the user and transfers the file in the same operation, which makes configuration more efficient.

As shown in Figure 1, routes between the SSH server and the device functioning as the SCP client are reachable. The SCP client can download files from the SSH server.

Figure 1 Networking diagram for managing files when the device functions as an SCP client

Configuration Roadmap

The configuration roadmap is as follows:

  1. Generate a local key pair on the SSH server.

  2. Create an SSH user on the SSH server.

  3. Enable the SCP function on the SSH server.

  4. Download the backup.cfg file from the SSH server.

Procedure

  1. Generate a local key pair on the SSH server.

    <HUAWEI> system-view
    [HUAWEI] sysname SSH_Server
    [SSH_Server] dsa local-key-pair create
    Info: The key name will be: SSH_Server_Host_DSA.
    Info: The key modulus can be any one of the following : 1024, 2048.
    Info: If the key modulus is greater than 512, it may take a few minutes.
    Please input the modulus [default=2048]:
    Info: Generating keys...
    Info: Succeeded in creating the DSA host keys. 
    

  2. Create an SSH user on the SSH server.

    # Configure the VTY user interface.

    [SSH_Server] user-interface vty 0 14
    [SSH_Server-ui-vty0-14] authentication-mode aaa
    [SSH_Server-ui-vty0-14] protocol inbound ssh
    [SSH_Server-ui-vty0-14] quit

    # Create an SSH user client001 and set the authentication mode to password and service type to all.

    [SSH_Server] ssh user client001
    [SSH_Server] ssh user client001 authentication-type password
    [SSH_Server] ssh user client001 service-type all

    # Set the password of the client001 user to Helloworld@6789.

    [SSH_Server] aaa
    [SSH_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789
    [SSH_Server-aaa] local-user client001 service-type ssh
    [SSH_Server-aaa] local-user client001 privilege level 3 
    [SSH_Server-aaa] quit

  3. Enable the SCP function on the SSH server.

    [SSH_Server] scp server enable

  4. Download the backup.cfg file from the SSH server.

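    # If the client connects to the SSH server for the first time, enable the initial authentication function on the client. With this function enabled, the client accepts the server's public key on the first connection without verifying it and can save it for later connections, so confirm the key with the server administrator through a separate channel.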

    <HUAWEI> system-view
    [HUAWEI] sysname SCP_Client
    [SCP_Client] ssh client first-time enable

    # Download the backup.cfg file from the remote SSH server at 10.1.1.1 using AES-256 encryption to the local user's directory.

    [SCP_Client] scp -cipher aes256 client001@10.1.1.1:backup.cfg backup.cfg
    Trying 10.1.1.1 ...
    Press CTRL+K to abort
    Connected to 10.1.1.1 ...
    The server has not been authenticated. Continue to access it? [Y/N]:y
    Do you want to save the server's public key? [Y/N]:y
    The server's public key will be saved with the name 10.1.1.1. Please wait.
    ..
    Enter password:
    backup.cfg                     100%        19174Bytes            7KByte(s)/sec

Configuration File

  • SSH_Server configuration file

    #
    sysname SSH_Server
    #
    aaa
     local-user client001 password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
     local-user client001 privilege level 3
     local-user client001 service-type ssh
    #
    scp server enable
    ssh user client001
    ssh user client001 authentication-type password
    ssh user client001 service-type all  
    #
    user-interface vty 0 14
     authentication-mode aaa
    #
    return

  • SCP_Client configuration file

    #
    sysname SCP_Client
    #
    ssh client first-time enable
    #
    return
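
The settings in these two configuration files that merit a security review can be located mechanically. The Python script below is an added example, not Huawei's code: the rule names, the choice of checks and the privilege threshold of 3 are assumptions of this example, and its input is constructed from the configuration files above.

```python
import re

# Constructed input: this page's two configuration files; hash replaced, '#' lines dropped.
SAMPLE = """\
sysname SSH_Server
aaa
 local-user client001 password irreversible-cipher <hash-placeholder>
 local-user client001 privilege level 3
 local-user client001 service-type ssh
scp server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type all
user-interface vty 0 14
 authentication-mode aaa
return
sysname SCP_Client
ssh client first-time enable
return
"""

# (rule id, pattern, what to review). Rule set and the level-3 threshold are assumptions.
RULES = [
    ("first-time-trust", r"ssh client first-time enable$",
     "server key is saved unverified on first connection"),
    ("password-auth", r"ssh user (?P<user>\S+) authentication-type password$",
     "account logs in with a password only"),
    ("service-type-all", r"ssh user (?P<user>\S+) service-type all$",
     "account is allowed every SSH service type, not one"),
    ("high-privilege", r"local-user (?P<user>\S+) privilege level (?P<level>\d+)$",
     "file-transfer account has privilege level 3 or higher"),
]

def audit(config_text):
    """Return (device, line_no, rule_id, user, note) for each matching line."""
    findings, device = [], None
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if (name := re.match(r"sysname (\S+)$", line)):
            device = name.group(1)  # later lines belong to this device
            continue
        for rule_id, pattern, note in RULES:
            m = re.match(pattern, line)
            if m and not (rule_id == "high-privilege" and int(m["level"]) < 3):
                findings.append((device, line_no, rule_id, m.groupdict().get("user"), note))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding names the device it was read from, so the client-side first-time setting is reported separately from the server-side account settings.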
Copyright © Huawei Technologies Co., Ltd.