Using SFTP to Log In to Other Devices

You can log in to an SSH server from an SSH client by using SFTP.

Context

The command used for the SFTP client is similar to the command used for the STelnet client. Both commands can carry the source address, key exchange algorithm, encryption algorithm and HMAC algorithm.

Perform the following steps on the device that functions as an SSH client:

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run ssh client cipher { des_cbc | 3des_cbc | aes128_cbc | aes192_cbc | aes256_cbc | aes128_ctr | aes192_ctr | aes256_ctr | arcfour128 | arcfour256 | aes128_gcm | aes256_gcm } *

    An encryption algorithm is configured for the SSH client.

    For security purposes, you are advised to use secure algorithms such as AES128_CTR, AES256_CTR, AES192_CTR, AES128_GCM, and AES256_GCM.

  3. (Optional) Run ssh client hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 | sha2_512 } *

    An HMAC authentication algorithm is configured for the SSH client.

    For security purposes, you are advised to use a secure algorithm (SHA2_256 or SHA2_512.)

  4. (Optional) Run ssh client key-exchange { dh_group14_sha1 | dh_group1_sha1 | dh_group_exchange_sha1 | dh_group_exchange_sha256 | dh_group16_sha512 | ecdh_sha2_nistp256 | ecdh_sha2_nistp384 | ecdh_sha2_nistp521 | sm2_kep } *

    A key exchange algorithm list is configured for the SSH client.

    For security purposes, you are advised to use the following key exchange algorithms: dh_group16_sha512.

  5. Run either of the following commands:

    For IPv4:

    Run the sftp [ -a source-ip-address ] [ -force-receive-pubkey ] host-ip-address [ port-number ] [ [ prefer_kex prefer_kex ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ public-net | -vpn-instance vpn-instance-name ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] * command to log in to the SSH server using an IPv4 address through SFTP and enter the SFTP client view.

    For IPv6:

    Run the sftp ipv6 [ -force-receive-pubkey ] [ -a source-ipv6-address ] host-ipv6-address [ [ [ -vpn-instance vpn-instance-name ] | public-net ] | [ -oi { interface-name | interface-type interface-number } ] [ port-number ] | [ prefer_kex { prefer_kex } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ]* command to log in to the SSH server using an IPv6 address through SFTP and enter the SFTP client view.

  6. Run commit

    The configuration is committed.

Parent Topic: Using SFTP to Access Other Devices
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >