Configuration needed for SFTP authentication using key exchange.
The goal is to transfer files from Aruba HPE switches to SFTP server(s) using SSH key-based authentication.
Network administrators can securely transfer files from Aruba HPE switches to their SFTP servers using SFTP transfer. To do that, the network admin needs to get past authentication against the SFTP server, which can be based on key exchange or on username/password. This article describes SFTP transfer using key-based authentication.
In this example we are using a Linux machine as the SFTP server.
Steps on SFTP Server
Generate an SSH key on the SFTP server with the command below.
    ssh-keygen -f <filename> -b 1024 -t dsa    --> Syntax
    ssh-keygen -f titi -b 1024 -t dsa
Leave the password field empty and it will generate the public and private keys in the home directory.
    [root@UbuntuServer47104 ~]# pwd
    [root@UbuntuServer47104 ~]# ls -l
    total 12
    drwxr-xr-x 2 root root 4096 Feb 27 2014 Desktop
    -rw------- 1 root root 668 Jul 9 04:33 titi    --> private ssh key
    -rw-r--r-- 1 root root 612 Jul 9 04:33 titi.pub    --> public ssh key
Set the permission for the private ssh key (titi) to 777.
    sh-4.1# chmod 777 titi
On the SFTP server, make the following changes in the “/etc/ssh/sshd_config” file.
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile /etc/ssh/authorized_keys
Copy the public ssh key (titi.pub) from the home directory to the “/etc/ssh/authorized_keys” path.
    cp titi.pub /etc/ssh/authorized_keys
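A check for the server-side steps above, as an added example that is not part of the original article: it flags a private key that group or other can access (mode 777 lets any local account on the server read the key) and reads sshd_config directives the way sshd does, where the first uncommented value wins. The function names and the temporary demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the server-side files from the steps above.

# Print a file's permission bits in octal (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (exit 0) when group or other has any access to the file.
key_is_exposed() {
    case "$(file_mode "$1")" in
        0|*00) return 1 ;;   # e.g. 600 or 400: owner-only
        *)     return 0 ;;   # e.g. 777 or 644: accessible beyond the owner
    esac
}

# Print the value sshd would use for a directive: the first uncommented match
# wins, and keywords are case-insensitive.
sshd_directive() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Report findings for one private key and one sshd_config; echo the finding count.
audit_sftp_key_setup() {
    key=$1 conf=$2 findings=0
    if key_is_exposed "$key"; then
        echo "FINDING: $key is mode $(file_mode "$key"): group/other can access it" >&2
        findings=$((findings + 1))
    fi
    if [ "$(sshd_directive "$conf" PubkeyAuthentication)" = "no" ]; then
        echo "FINDING: PubkeyAuthentication is disabled in $conf" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# Demo on constructed files (not taken from a real server).
demo_dir=$(mktemp -d)
printf 'PubkeyAuthentication yes\nAuthorizedKeysFile /etc/ssh/authorized_keys\n' \
    > "$demo_dir/sshd_config"
: > "$demo_dir/titi"
chmod 777 "$demo_dir/titi"
echo "findings at mode 777: $(audit_sftp_key_setup "$demo_dir/titi" "$demo_dir/sshd_config")"
chmod 600 "$demo_dir/titi"
echo "findings at mode 600: $(audit_sftp_key_setup "$demo_dir/titi" "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
```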
Steps on the Switch
Copy the private key file from the SFTP server to the switch using the command below and choose option ‘y’.
    copy sftp ssh-client-key <user_name@ip_address> titi
or
    copy tftp ssh-client-key <ip_address> titi
    The manager key pair will be overwritten, continue (y/n)? y
    Attempting public key authentication...
    Public key authentication failed, attempting username/password authentication...
    Enter root@10.X.X.X's password: ********
The example below shows an SFTP transfer of the startup config to the SFTP server.
    copy startup-config sftp <user_name@ip_address> <file_name>
    Aruba-2930F-24G-PoEP-4SFP# copy startup-config sftp email@example.com’s config_1
    Attempting public key authentication...    --> Successfully authenticated using key exchange, hence it didn’t prompt for a password.
    SFTP download in progress.