HP 6125XLG R2306-HP 6125XLG Blade Switch Security Configuration Guide - Page 145
default. When the device accesses an SFTP server for the first time but it is not con d with the host
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 145 highlights
When an SFTP client accesses an SFTP server, it uses the locally saved host public key of the server to authenticate the server. When acting as an SFTP client, the device supports the first authentication by default. When the device accesses an SFTP server for the first time but it is not configured with the host public key of the SFTP server, it can access the server and locally save the server's host public key for future use. In a secure network, the first authentication can simplify the configuration on the SFTP client, but it is not reliable. To establish a connection to an SFTP server: Task Establish a connection to an SFTP server. Command • Establish a connection to an IPv4 SFTP server: { In non-FIPS mode: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key { dsa | rsa } | prefer- compress zlib | prefer-ctos-cipher { 3des | aes128 | aes256 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * [ publickey keyname | source { interface interface-type interface-number | ip ip-addres} ] * { In FIPS mode: sftp server [ port-number ] [ vpn-instance vpn-instance-name ] [ identity-key rsa | prefer-compress zlib | prefer-ctos-cipher { aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] * [ publickey keyname | source { interface interface-type interface-number | ip ip-address } ] * • Establish a connection to an IPv6 SFTP server: { In non-FIPS mode: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ] [ identity-key { dsa | rsa } | prefercompress zlib | prefer-ctos-cipher { 3des | aes128 | aes256 | des } | prefer-ctos-hmac { md5 | md5-96 | sha1 | sha1-96 } | prefer-kex { dh-group-exchange | dh-group1 | dh-group14 } | prefer-stoc-cipher { 3des | aes128 | aes256 | des } | prefer-stoc-hmac { md5 | md5-96 | sha1 | sha1-96 } ] * [ publickey keyname | source { interface interface-type interface-number | ipv6 ipv6-addres} ] * { In FIPS mode: sftp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type interface-number ] [ identity-key rsa | prefer-compress zlib | prefer-ctos-cipher { aes128 | aes256 } | prefer-ctos-hmac { sha1 | sha1-96 } | prefer-kex dh-group14 | prefer-stoc-cipher { aes128 | aes256 } | prefer-stoc-hmac { sha1 | sha1-96 } ] * [ publickey keyname | source { interface interface-type interface-number | ipv6 ipv6-addres} ] * Remarks Use one of the commands. Available in user view. 136