实验内容
使用AR1作为SFTP的Server,AR2作为SFTP的Client,模拟用户从AR2通过SFTP登陆到AR1。
AR1 IP:192.168.1.1
AR2 IP:192.168.1.10
user:admin1,password:admin1,有管理权限
HCNA实验指南-配置路由器开启SFTP_第1张图片
AR1(192.168.1.1),配置如下:

syste   
system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]rsa local-key-pair create 
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.......++++++++++++
..............++++++++++++
..........................................................++++++++
.....++++++++

[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.1 24

[AR1-GigabitEthernet0/0/0]aaa
[AR1-aaa]local-user admin1 password cipher admin1 privilege level 3
[AR1-aaa]local-user admin1 service-type ssh
[AR1-aaa]local-user admin1 ftp-directory flash:

[AR1-aaa]user-interface vty 0 4
[AR1-ui-vty0-4]protocol inbound ssh
[AR1-ui-vty0-4]authentication-mode aaa
[AR1-ui-vty0-4]quit

[AR1]sftp server enable
[AR1]display ssh server status
 SSH version                         :1.99  
 SSH connection timeout              :60 seconds
 SSH server key generating interval  :0 hours
 SSH Authentication retries          :3 times
 SFTP Server                         :Enable
 Stelnet server                      :Disable

[AR1]display ssh server session 
 --------------------------------------------------------------------
 Conn   Ver   Encry     State  Auth-type        Username
 --------------------------------------------------------------------
 VTY 0  2.0   AES       run    password         admin1                          
 ---------------------------------------------------------------

AR2(192.168.1.10),配置如下:

system-view 
[Huawei]interface g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.1.10 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ssh client first-time enable 
[Huawei]sftp 192.168.1.1
Please input the username:admin1
Trying 192.168.1.1 ...
Press CTRL+K to abort
The server is not authenticated. Continue to access it? (y/n)[n]:y
Jan 23 2020 00:43:51-08:00 Huawei %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[2]:The serve
r had not been authenticated in the process of exchanging keys. When deciding wh
ether to continue, the user chose Y. 
sftp-client>
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 192.168.1.1. Please wait...

Jan 23 2020 00:43:53-08:00 Huawei %%01SSH/4/SAVE_PUBLICKEY(l)[3]:When deciding w
hether to save the server's public key 192.168.1.1, the user chose Y. 
sftp-client>
Enter password:
sftp-client>