< Home

sftp client-transfile

Function

The sftp client-transfile command uploads files to or downloads files from the SFTP server.

Format

# Establish an SFTP connection on an IPv4 network.

sftp client-transfile { get | put } [ -a source-address | -i interface-type interface-number ] host-ip host-ipv4 [ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | prefer_kex prefer_key-exchange | identity-key { rsa | dsa | ecc } | prefer_ctos_cipher prefer_ctos_cipher | prefer_stoc_cipher prefer_stoc_cipher | prefer_ctos_hmac prefer_ctos_hmac | prefer_stoc_hmac prefer_stoc_hmac | -ki aliveinterval | -kc alivecountmax ] * username user-name password password sourcefile source-file [ destination destination ]

# Establish an SFTP connection on an IPv6 network.

sftp client-transfile { get | put } ipv6 [ -a source-address ] host-ip host-ipv6 [ -oi interface-type interface-number ] [ port ] [ -vpn-instance vpn-instance-name | prefer_kex prefer_key-exchange | identity-key { rsa | dsa | ecc } | prefer_ctos_cipher prefer_ctos_cipher | prefer_stoc_cipher prefer_stoc_cipher | prefer_ctos_hmac prefer_ctos_hmac | prefer_stoc_hmac prefer_stoc_hmac | -ki aliveinterval | -kc alivecountmax ] * username user-name password password sourcefile source-file [ destination destination ]

Parameters

Parameter

Description

Value

get

Downloads files from the SFTP server.

-

put

Uploads files to the SFTP server.

-

-a source-address

Specifies the source address of an SFTP client.

-

-i interface-type interface-number

Specifies the source interface of an SFTP client.

-

host-ip host-ipv4

Specifies the IPv4 address or host name of an SFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

port

Specifies the current monitoring port number on the SFTP server.

Only when the monitoring port number on the SFTP server is 22, the SFTP client can log in without a port number being specified. If the monitoring port number on the SFTP server is not 22, you must specify a port number for the SFTP client to log in.

The value is an integer ranging from 1 to 65535. The default value is 22.

public-net

Establishes the SFTP connection on a public network.

-

-vpn-instance vpn-instance-name

Specifies the name of a VPN instance.

The SFTP connection is established on a private network.

The value must be an existing VPN instance name.

prefer_kex prefer_key-exchange

Specifies a preferred algorithm for key exchange.
  • dh_exchange_group
  • dh_exchange_group_sha256
  • dh_group14_sha1
  • dh_group14_sha256
  • dh_group15_sha512
  • dh_group16_sha512

The default algorithm is dh_exchange_group.

NOTE:

The dh_exchange_group algorithm is recommended.

identity-key

Specifies a public key algorithm for the server authentication.
  • dsa
  • rsa
  • ecc

The default algorithm is rsa.

NOTE:

To improve security, it is not recommended that you use RSA or DSA as the authentication algorithm.

prefer_ctos_cipher prefer_ctos_cipher

Specifies the preferred encryption algorithm for packets from the client to the server
  • 3des
  • aes128
  • aes256
  • aes128_ctr(Advanced Encryption Standard 128_ctr)
  • aes256_ctr(Advanced Encryption Standard 256_ctr)

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr, and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.

prefer_stoc_cipher prefer_stoc_cipher

Specifies the preferred encryption algorithm for packets from the server to the client.
  • 3des
  • aes128
  • aes256
  • aes128_ctr
  • aes256_ctr

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr, and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.

prefer_ctos_hmac prefer_ctos_hmac

Specifies the preferred HMAC algorithm for packets from the client to the server.
  • sha1
  • sha1_96
  • md5
  • md5_96
  • sha2_256
  • sha2_256_96

The default algorithm is sha2_256.

prefer_stoc_hmac prefer_stoc_hmac

Specifies the preferred HMAC algorithm for packets from the server to the client.
  • sha1
  • sha1_96
  • md5
  • md5_96
  • sha2_256
  • sha2_256_96

The default algorithm is sha2_256.

-ki aliveinterval

Specifies the interval at which the client sends a Keepalive packet to the server.

When the connection between the server and the client fails, the client must detect the fault in time and removes the connection proactively. Therefore, when logging in to the server using SFTP, the client must be configured with an interval at which the client sends keepalive packets to the server and the maximum number of times that the server provides no response. If a client does not receive any packet within a specified period, the client sends a Keepalive packet to the server. If the maximum number of times that the server does not respond exceeds the specified value, the client proactively removes the connection.

By default, the function of sending Keepalive packets to the server in the case of no data transmission is not configured.

The value is an integer ranging from 1 to 3600, in seconds. The default value is 60 seconds.

-kc alivecountmax

Specifies the maximum number of times that the server does not respond.

The value is an integer ranging from 3 to 10. The default value is 5.

username user-name

Specifies the user name for an SFTP connection.

The value is a string of 1 to 255 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

password password

Specifies the password for an SFTP connection.

The value is a string of 1 to 128 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

sourcefile source-file

Specifies the source file to be uploaded to or downloaded from the server.

The absolute path of the file ranges from 1 to 160 case-insensitive characters without spaces.

When quotation marks are used around the string, spaces are allowed in the string.

destination destination

Specifies the destination file to be uploaded to or downloaded from the server.

If destination destination is not specified, the name of the file to be downloaded from or uploaded to the server is the same as that on the SFTP server.

The absolute path of the file ranges from 1 to 160 case-insensitive characters without spaces.

When quotation marks are used around the string, spaces are allowed in the string.

ipv6

Specifies an IPv6 SFTP server.

-

-oi interface-type interface-number

Specifies the source IPv6 interface of an SFTP client.

If host-ipv6 is a link-local IPv6 address, you must specify the interface name corresponding to the link-local address. If host-ipv6 is not a link-local IPv6 address, no interface name is required.

-

host-ip host-ipv6

Specifies the IPv6 address or host name of an SFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To upload files to or download files from an SFTP server, run the sftp client-transfile command.

Prerequisites

The SFTP function on the SFTP server has been enabled using the sftp client-transfile command.

Configuration Impact

After a connection is established between an SFTP client and an SFTP server, they start to intercommunicate.

Precautions

If command execution fails due to ACLs on the SFTP client or the TCP connection fails, the system prompts an error message indicating that the connection to the server fails.

If the sftp client-transfile command is run for the device to connect to the SFTP server, only password authentication is supported.

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Configure the current monitoring port number 1025 on the SSH server on a private network (SFTP client on the public network), and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.137.144.231 1025 -vpn-instance ssh username root password Root@123 sourcefile sample.txt

# Specify Keepalive parameters for the client that attempts to log in to the server using SFTP and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.164.39.209 -ki 10 -kc 4 username root password Root@123 sourcefile sample.txt

# Configure the client to pass DSA authentication before logging in to the server using SFTP and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.100.0.114 identity-key dsa username root password Root@123 sourcefile sample.txt

# Upload the sample.txt file to the IPv6 SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile put host-ip 10.100.0.114 identity-key dsa username root password Root@123 sourcefile sample.txt
Parent Topic: File Management Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >