The sftp command enables the system to log in to another device from the current device through SFTP.
sftp [ -a source-ip-address ] [ -force-receive-pubkey ] host-ip-address [ port-number ] [ [ prefer_kex { prefer_kex } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ public-net | -vpn-instance vpn-instance-name ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] *
sftp ipv6 [ -force-receive-pubkey ] [ -a source-ipv6-address ] host-ipv6-address [ [ [ -vpn-instance vpn-instance-name ] | public-net ] | [ -oi { interface-name | interface-type interface-number } ] | [ port-number ] | [ prefer_kex { prefer_kex } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] *
sftp -i { interface-name | interface-type interface-number } [ -force-receive-pubkey ] host-ip-address [ port-number ] [ [ prefer_kex { prefer_kex } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] *
Parameter | Description | Value |
---|---|---|
-a source-ipv6-address | Specifies the SFTP source IPv6 address. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
-a source-ip-address | Specifies the SFTP source IP address. | The value is in dotted decimal notation. |
-force-receive-pubkey | Indicates that a server forcibly receives public key authentication. | - |
host-ip-address | Specifies the IP address of the remote system. | The value is in dotted decimal notation. |
port-number | Specifies the port number of the SSH server. | The value is an integer ranging from 1 to 65535. The default value is 22. |
prefer_kex prefer_kex | Specifies the preferred algorithm for key exchange. | Preferred algorithms for key exchange supported depend on the ssh client key-exchange command settings. |
prefer_ctos_cipher prefer_ctos_cipher | Specifies the preferred encryption algorithm for packets from the client to the server. | Encryption algorithms supported depend on the ssh client cipher command settings. |
prefer_stoc_cipher prefer_stoc_cipher | Specifies the preferred encryption algorithm for packets from the server to the client. | Encryption algorithms supported depend on the ssh client cipher command settings. |
prefer_ctos_hmac prefer_ctos_hmac | Specifies the preferred HMAC algorithm for packets from the client to the server. | Preferred HMAC algorithms supported depend on the ssh client hmac command settings. |
prefer_stoc_hmac prefer_stoc_hmac | Specifies the preferred HMAC algorithm for packets from the server to the client. | Preferred HMAC algorithms supported depend on the ssh client hmac command settings. |
prefer_ctos_compress | Specifies the preferred compression algorithm for packets from the server to the client. Currently, it can only be zlib. | The default algorithm is none. |
zlib | Specifies that the preferred compression algorithm for packets is zlib. | - |
prefer_stoc_compress | Specifies the preferred compression algorithm for packets from a client to the server. Currently, it can only be zlib. | - |
public-net | Indicates that the SFTP server resides on a public network. | - |
-vpn-instance vpn-instance-name | Specifies a VPN instance name. | The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
-ki interval | Specifies an interval at which keepalive packets are sent if no data is received. | The value is an integer ranging from 1 to 3600, in seconds. |
-kc count | Specifies the maximum number of times that a server does not respond to keepalive packets. | The value is an integer ranging from 1 to 30. |
identity-key identity-key-type | Specifies the public key for server authentication. | Currently, the RSA_SHA2_512, RSA_SHA2_256, RSA, DSA, SM2, and ECC algorithms are supported. The default algorithm is ECC. To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits. You are advised to use the RSA SHA2-512 or RSA SHA2-256 authentication algorithm, which ensures higher security. |
user-identity-key user-key | Specifies the public key for user authentication. | Currently, the RSA_SHA2_512, RSA_SHA2_256, RSA, DSA, SM2, and ECC algorithms are supported. The default algorithm is ECC. To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits. You are advised to use the RSA SHA2-512 or RSA SHA2-256 authentication algorithm, which ensures higher security. |
ipv6 | Specifies the IPv6 SFTP. | - |
host-ipv6-address | Specifies the IPv6 address of the remote system. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
-oi | Specifies the source interface for the IPv6 client, including the type and number of the interface. If no IPv6 address is configured for the source interface, the connection cannot be set up. | - |
interface-type interface-number | Specifies the source interface for the client, including the type and number of the interface. | - |
-i interface-name | Specifies the egress interface name. | - |

Usage Scenario
SFTP is short for SSH FTP, which is a secure FTP protocol. SFTP is established over SSH and enables remote users to securely log in to a device for file management and transfer. This ensures data transmission security. In addition, the device provides the SFTP client function so that you can log in to a remote SSH server from the device to securely transfer files.
When the SFTP server or its connection to a client fails, the client must detect the fault in time and release the connection. To achieve this, before a client logs in to the server through SFTP, configure the interval at which keepalive packets are sent if no data is received and the maximum number of times that the server does not respond. If the client does not receive any data within the specified interval, it sends a keepalive packet to the server. If the number of times that the server does not respond exceeds the specified value, the client tears down the connection.
Prerequisites
A VPN instance has been configured using the ip vpn-instance command.
The SFTP service has been enabled on the SSH server using the sftp [ ipv4 | ipv6 ] server enable command.
Precautions
```
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance ssh
[*HUAWEI-vpn-instance-ssh] quit
[*HUAWEI] sftp -a 10.1.1.1 10.2.2.2 1025 -vpn-instance ssh
Trying 10.1.1.1...
Press CTRL+K to abort
Connected to 10.1.1.1...
Please input the username: client001
Enter password:
```

```
<HUAWEI> system-view
[~HUAWEI] sftp ipv6 2001:db8:1::1 1025
Trying 2001:db8:1::1...
Press CTRL+K to abort
Connected to 2001:db8:1::1...
Please input the username: client001
Enter password:
```
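The following is an added example, not code from the vendor documentation: a small Python linter that checks an `sftp` client command line against the value ranges, keepalive guidance and key-algorithm advice in the parameter table above. The names `lint_sftp` and `check_range` are hypothetical. It assumes key types are matched case-insensitively against the names listed on this page, that `-i`/`-oi` are given as a single interface-name token, and that treating plain RSA and DSA as legacy is this example's policy.

```python
import shlex

# Ranges and algorithm names below come from the parameter table on this page.
INT_RANGES = {"port-number": (1, 65535), "-ki": (1, 3600), "-kc": (1, 30)}
KEY_OPTS = {"identity-key", "user-identity-key"}
KEY_TYPES = {"RSA_SHA2_512", "RSA_SHA2_256", "RSA", "DSA", "SM2", "ECC"}
LEGACY = {"RSA", "DSA"}  # policy of this example; the page advises RSA_SHA2_*
# Options that consume one following token (assumes -i/-oi use interface-name).
ONE_VALUE = {"-a", "-i", "-oi", "-vpn-instance", "-ki", "-kc", "prefer_kex",
             "prefer_ctos_cipher", "prefer_stoc_cipher", "prefer_ctos_hmac",
             "prefer_stoc_hmac", "prefer_ctos_compress",
             "prefer_stoc_compress"} | KEY_OPTS

def check_range(name, text, findings):
    """Append a finding when text is not an integer inside the documented range."""
    lo, hi = INT_RANGES[name]
    if not text.isdigit() or not lo <= int(text) <= hi:
        findings.append(f"{name}: {text!r} is outside {lo}-{hi}")

def lint_sftp(command):
    """Return a list of findings for one `sftp ...` client command line."""
    tokens = shlex.split(command)  # honours "quoted names" with spaces
    if not tokens or tokens[0] != "sftp":
        return ["not an sftp command"]
    findings, seen = [], {}
    it = iter(tokens[1:])
    for tok in it:
        if tok in ONE_VALUE:
            value = next(it, None)
            if value is None:
                findings.append(f"{tok}: missing value")
            else:
                seen[tok] = value
        elif tok.isdigit():  # a bare integer is the port-number
            check_range("port-number", tok, findings)
    for opt in ("-ki", "-kc"):
        if opt in seen:
            check_range(opt, seen[opt], findings)
    if "-ki" not in seen or "-kc" not in seen:
        findings.append("keepalive: set both -ki and -kc to bound dead-peer detection")
    vpn = seen.get("-vpn-instance")
    if vpn is not None and (not 1 <= len(vpn) <= 31 or vpn == "_public_"):
        findings.append(f"-vpn-instance: invalid name {vpn!r}")
    for opt in sorted(seen.keys() & KEY_OPTS):
        kt = seen[opt].upper()
        if kt not in KEY_TYPES:
            findings.append(f"{opt}: unknown type {seen[opt]!r}")
        elif kt in LEGACY:
            findings.append(f"{opt}: {kt} is legacy; prefer RSA_SHA2_512 or RSA_SHA2_256")
    return findings
```

Run against the first example session above, `lint_sftp("sftp -a 10.1.1.1 10.2.2.2 1025 -vpn-instance ssh")` reports only the missing keepalive settings.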