Configuration needed for SFTP authentication using Keyexchange.

By esupport posted Mar 19, 2019 01:09 AM

  
Mark as Inappropriate
Requirement:

To be able to transfer files from Aruba HPE switches to SFTP server(s) using SSH Key based authentication.

 



Solution:

Network administrators can securely transfer files from Aruba HPE switches to their SFTP servers using the method SFTP transfer.  In order to do that, network admin needs to get pass the authentication against SFTP server which can be based on Key-exchange or username/password. This article describes about SFTP transfer using Key based authentication.

 



Configuration:

In this example we are using Linux machine as SFTP server.

 

Steps on SFTP Server

  1. Generate ssh key in the SFTP server with the below command.

ssh-keygen -f <filename> -b 1024 -t dsa  à Syntax
ssh-keygen -f tit -b 1024 -t dsa  

  1. Leave password field empty and it will generate public and private keys in the home directory.

[root@UbuntuServer47104 ~]# pwd
[root@UbuntuServer47104 ~]# ls -l
total 12
drwxr-xr-x 2 root root 4096 Feb 27  2014 Desktop
-rw------- 1 root root  668 Jul  9 04:33 titi             à private ssh key 
-rw-r--r-- 1 root root  612 Jul  9 04:33 titi.pub         à public ssh key

  1. Set the permission for the private ssh key (titi) to 777.
sh-4.1# chmod 777 titi

  2. In SFTP server, modify the below changes in the “/etc/ssh/sshd_config” file.​

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      /etc/ssh/authorized_keys

  3. Copy the public ssh key (titi.pub)  from the home directory to the “/etc/ssh/authorized_keys” path.
cp titi.pub /etc/ssh/authorized_keys

 

Steps on the Switch

  1. Copy the private key file from the SFTP server to the switch using below command and choose option ‘y’.

copy sftp ssh-client-key <user_name@ip_address> titi or copy tftp ssh-client-key <ip_address> titi 


The manager key pair will be overwritten, continue (y/n)? y
Attempting public key authentication...
Public key authentication failed, attempting username/password authentication...
Enter root@10.X.X.X's password: ********


Verification

Below example shows SFTP transfer of start-up config to the SFTP server.

 

copy startup-config sftp user_name@ip_address> <file_name>

 

Aruba-2930F-24G-PoEP-4SFP# copy startup-config sftp root@10.21.22.45’s config_1
Attempting public key authentication...              -->  Successfully authenticated using Key exchange, hence didn’t prompt for Password.
SFTP download in progress.
0 comments
1 view