Configuring the SCP Client

Procedure

1. Run system-view

   The system view is displayed.

2. (Optional) Run scp client-source { -a source-ip-address [ public-net | -vpn-instance vpn-instance-name ] | -i { interface-type interface-number | interface-name } } or scp ipv6 client-source -a ipv6-address [ -vpn-instance ipv6-vpn-instance-name ]

   A source address is configured for the SCP client.

3. (Optional) Run ssh client cipher { des_cbc | 3des_cbc | aes128_cbc | aes192_cbc | aes256_cbc | aes128_ctr | aes192_ctr | aes256_ctr | arcfour128 | arcfour256 | aes128_gcm | aes256_gcm } ^*

   An encryption algorithm is configured for the SSH client.

   

   des_cbc, 3des_cbc, aes128_cbc, aes192_cbc, aes256_cbc, arcfour128, and arcfour256 are of weak security. Therefore, do not add them to the encryption algorithm list. The aes128_ctr, aes256_ctr, aes192_ctr, aes128_gcm, and aes256_gcm algorithms are recommended because they are more secure.

4. (Optional) Run ssh client hmac { md5 | md5_96 | sha1 | sha1_96 | sha2_256 | sha2_256_96 | sha2_512 } ^*

   An HMAC authentication algorithm is configured for the SSH client.

   

   sha2_256_96, sha1, sha1_96, md5, and md5_96 are of weak security. Therefore, do not add them to the authentication algorithm list.

5. Run either of the following operations based on the network protocol to upload files to or download files from the SCP server.

   • On an IPv4 network:

     Run the scp [ -a source-ip-address ] [ -force-receive-pubkey ] [ -port port-number | public-net | vpn-instance vpn-instance-name | identity-key identity-key-type | user-identity-key user-key | -r | -c | -cipher cipher | -prefer-kex prefer-kex ] ^* source-filename destination-filename or scp { -i interface-name | interface-type interface-number } [ -force-receive-pubkey ] [ -port port-number | identity-key identity-key-type | user-identity-key user-key | -r | -c | -cipher cipher| -prefer-kex prefer-kex ] ^* source-filename destination-filename command.

   • On an IPv6 network:

     Run the scp ipv6 [ [ vpn-instance vpn-instance-name ] | public-net ] [ -force-receive-pubkey ] [ [ -port server-port ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] | [ [ -a source-ipv6-address ] | [ -oi { interface-name | interface-type interface-number } ] ] | -r | -c | [ -cipher cipher ] | [ -prefer-kex prefer-kex } ] ] * source-filename destination-filename command.

   

   For security purposes, do not use the RSA algorithm whose modulus bit value is less than 2048 for the SSH user. You are advised to use the ECC authentication algorithm instead.

6. Run commit

   The configuration is committed.