Configuration needed for SFTP authentication using Keyexchange.

MVP Expert
Requirement:

To be able to transfer files from Aruba HPE switches to SFTP server(s) using SSH Key based authentication.

 



Solution:

Network administrators can securely transfer files from Aruba HPE switches to their SFTP servers using SFTP transfer. To do that, the switch must first authenticate against the SFTP server, which can be based on key exchange or on username/password. This article describes SFTP transfer using key-based authentication.

 



Configuration:

In this example we are using a Linux machine as the SFTP server.

 

Steps on SFTP Server

  1. Generate an SSH key on the SFTP server with the command below.
    
    ssh-keygen -f <filename> -b 1024 -t dsa  --> Syntax
    ssh-keygen -f titi -b 1024 -t dsa  
    
  2. Leave the password field empty; the public and private keys are generated in the home directory.
    
    [root@UbuntuServer47104 ~]# pwd
    [root@UbuntuServer47104 ~]# ls -l
    total 12
    drwxr-xr-x 2 root root 4096 Feb 27  2014 Desktop
    -rw------- 1 root root  668 Jul  9 04:33 titi             --> private ssh key 
    -rw-r--r-- 1 root root  612 Jul  9 04:33 titi.pub         --> public ssh key
    
  3. Set the permission for the private ssh key (titi) to 777.
    
    sh-4.1# chmod 777 titi
    
  4. On the SFTP server, make the changes below in the “/etc/ssh/sshd_config” file.
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile      /etc/ssh/authorized_keys
    
  5. Copy the public ssh key (titi.pub) from the home directory to the “/etc/ssh/authorized_keys” path.
    
    cp titi.pub /etc/ssh/authorized_keys 
    

 

Steps on the Switch

  1. Copy the private key file from the SFTP server to the switch using one of the commands below, and choose option ‘y’ when prompted.
    
    copy sftp ssh-client-key <user_name@ip_address> titi
    or
    copy tftp ssh-client-key <ip_address> titi
    
    
    The manager key pair will be overwritten, continue (y/n)? y
    Attempting public key authentication...
    Public key authentication failed, attempting username/password authentication...
    Enter root@10.X.X.X's password: ********


Verification

The example below shows an SFTP transfer of the startup config to the SFTP server.

copy startup-config sftp <user_name@ip_address> <file_name>

 

Aruba-2930F-24G-PoEP-4SFP# copy startup-config sftp root@10.21.22.45 config_1
Attempting public key authentication...              -->  Successfully authenticated using Key exchange, hence didn’t prompt for Password.
SFTP download in progress.
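
A check to run on the SFTP server once the switch holds its copy of the key, added here as an example (it is not part of the original article or of any Aruba tooling). It flags three things the server steps leave in place: a DSA key, a private key file accessible to other accounts, and an `AuthorizedKeysFile` path shared by every user. The function names, finding labels and the assumption that the private key no longer needs open permissions after the copy are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): audit the files its server steps create.
# Usage: sh audit.sh <private_key> <public_key> <sshd_config>

# Key algorithm = first field of an OpenSSH public key line.
pubkey_type() {
    awk 'NF >= 2 { print $1; exit }' "$1"
}

# Succeeds only if group and other have no access (mode string chars 5-10).
privkey_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# First AuthorizedKeysFile value; sshd keywords are case-insensitive and the
# first value obtained wins. Match blocks are not evaluated here.
authorized_keys_path() {
    awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1"
}

# Prints one line per finding; returns 1 if anything was flagged.
audit() {
    rc=0
    if [ "$(pubkey_type "$2")" = "ssh-dss" ]; then
        echo "key-type: $2 is DSA (fixed at 1024 bits, off by default since OpenSSH 7.0)"
        rc=1
    fi
    if ! privkey_private "$1"; then
        echo "key-perms: $1 is accessible to group/other"
        rc=1
    fi
    case "$(authorized_keys_path "$3")" in
        *%*) ;;   # %u / %h token present: one file per account
        /*)  echo "authorized-keys: one absolute path is shared by every account"
             rc=1 ;;
    esac
    return "$rc"
}

# Run only when called with the three paths, e.g.:
#   sh audit.sh titi titi.pub /etc/ssh/sshd_config
if [ "$#" -eq 3 ]; then
    audit "$@"
fi
```

Run against the files exactly as the steps above leave them, it reports all three findings; a relative `AuthorizedKeysFile` value such as the OpenSSH default `.ssh/authorized_keys` is resolved per user and is not flagged.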

Version history
Revision #: 1 of 1
Last update: 03-18-2019 10:09 PM