In this example, a local key pair is configured on the SSH server, and a username and a password are configured on the server for an SSH IPv6 user. After the SFTP IPv6 service is enabled on the server and the SFTP client is connected to the server, you can manage and transfer files between the client and the server.
As the device deployment scale increases, more and more devices need to be maintained and upgraded remotely. Online software upgrade, an upgrade method that loads software packages remotely, facilitates remote upgrades, reduces upgrade costs, shortens the time that customers wait for upgrades, and improves customer satisfaction. FTP is usually used to transmit data for online upgrades. However, FTP transmits data, and even usernames and passwords, in plaintext, which brings security risks.
SFTP resolves the security issue. It enables you to securely log in to a remote device for file management, improving data transmission security. You can then transfer files and perform online upgrades.
As shown in Figure 1, after the SFTP IPv6 service is enabled on the device that functions as an SSH server, you can log in to the server in password, RSA, password-RSA, DSA, password-DSA, ECC, password-ECC, SM2, password-SM2, x509v3-ssh-rsa, password-x509v3-rsa, or All authentication mode from the SFTP IPv6 client.
After you log in to the SFTP server through the console port, configure an IPv6 address of a logical interface as the source IPv6 address for SFTP login.
The configuration roadmap is as follows:
1. Configure the SSH server to generate a local key pair to securely exchange data between the client and the server.
2. Create an SSH IPv6 user and configure an authentication mode, username, password, and authorized directory for the user.
3. Enable the SFTP IPv6 service on the SSH server and configure a service type.
To complete the configuration, you need the following data:
User's authentication mode (password) and username (client001)
User level (3) of client001
IPv6 address (2001:db8::1/32) of the SSH server
<HUAWEI> system-view
[~HUAWEI] sysname SSH Server
[*HUAWEI] commit
[~SSH Server] interface GigabitEthernet0/0/0
[~SSH Server-GigabitEthernet0/0/0] undo shutdown
[~SSH Server-GigabitEthernet0/0/0] ipv6 enable
[*SSH Server-GigabitEthernet0/0/0] ipv6 address 2001:db8::1 32
[*SSH Server-GigabitEthernet0/0/0] quit
[*SSH Server] commit
[*SSH Server] aaa
[*SSH Server-aaa] local-user client001 password cipher Hello-huawei123
[*SSH Server-aaa] local-user client001 level 3
[*SSH Server-aaa] local-user client001 service-type ssh
[*SSH Server-aaa] quit
[*SSH Server] commit
[~SSH Server] interface LoopBack 0
[~SSH Server-LoopBack0] ipv6 address 2001:db8::2 64
[*SSH Server-LoopBack0] quit
[~SSH Server] sftp ipv6 server enable
[*SSH Server] ssh ipv6 server-source -i loopback 0
[*SSH Server] ssh user client001 authentication-type password
[*SSH Server] commit
[~SSH Server] ssh user client001 service-type sftp
[*SSH Server] commit
[~SSH Server] ssh user client001 sftp-directory home:/
[*SSH Server] commit
Start the SFTP software on the client, and enter the username, password, and port number (22 by default) to access the SSH server and transfer files.
#
sysname SSH Server
#
aaa
 local-user client001 password cipher @%@%.OuC6Vo7Z,A'y~/KB&,vmd@%@%
 local-user client001 service-type ssh
 local-user client001 level 3
#
interface GigabitEthernet0/0/0
 undo shutdown
 ipv6 enable
 ipv6 address 2001:db8::1/32
#
interface LoopBack 0
 ipv6 address 2001:DB8::2/64
#
sftp ipv6 server enable
ssh ipv6 server-source -i loopback 0
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory home:/
#
return
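To check a saved configuration against the settings this example relies on, the following script is an added example, not part of the original page or of any Huawei tool. The function name audit_sftp_config and the sample text are assumptions; the sample is constructed from the configuration file above, with the cipher text replaced by a placeholder.

```python
import re

# Constructed sample based on this page's configuration file (cipher text is a placeholder).
SAMPLE_CONFIG = """\
#
aaa
 local-user client001 password cipher <CIPHERTEXT-PLACEHOLDER>
 local-user client001 service-type ssh
 local-user client001 level 3
#
interface LoopBack 0
 ipv6 address 2001:DB8::2/64
#
sftp ipv6 server enable
ssh ipv6 server-source -i loopback 0
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type sftp
ssh user client001 sftp-directory home:/
#
return
"""

def audit_sftp_config(text):
    """Return a list of findings; an empty list means every check passed."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []
    if "sftp ipv6 server enable" not in lines:
        findings.append("SFTP IPv6 service is not enabled")
    if not any(ln.startswith("ssh ipv6 server-source ") for ln in lines):
        findings.append("no source interface bound for the SSH IPv6 server")
    ssh_users, aaa_services = {}, {}
    for ln in lines:
        m = re.match(r"ssh user (\S+)(?: (\S+) (.+))?$", ln)
        if m:  # collect per-user SSH attributes (bare "ssh user X" just registers X)
            attrs = ssh_users.setdefault(m.group(1), {})
            if m.group(2):
                attrs[m.group(2)] = m.group(3)
        m = re.match(r"local-user (\S+) service-type (.+)$", ln)
        if m:  # AAA side: which access types the local user may use
            aaa_services[m.group(1)] = m.group(2).split()
    for user, attrs in sorted(ssh_users.items()):
        for key in ("authentication-type", "service-type", "sftp-directory"):
            if key not in attrs:
                findings.append(f"{user}: missing {key}")
        if "ssh" not in aaa_services.get(user, []):
            findings.append(f"{user}: AAA local-user lacks service-type ssh")
    return findings
```

Calling audit_sftp_config on the text of a saved configuration returns one message per missing setting, so an empty list means the SFTP user, service, and source interface are all present.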