File Transfers

Downloading Switch Software

 

Using Secure Copy and SFTP

 

In some situations you may want to use a secure method to issue commands or copy files to the switch. By opening a secure, encrypted SSH session, you can then use a third-party software application to take advantage of Secure Copy (SCP) and Secure FTP (SFTP). SCP and SFTP provide a secure alternative to TFTP for transferring information that may be sensitive (like switch configuration files) to and from the switch. Essentially, you are creating a secure SSH tunnel as a way to transfer files with SFTP and SCP channels.

 

To use these commands, you must install on the administrator workstation a third-party client application that supports the SFTP and/or SCP functions. Some examples of software that supports SFTP and SCP are PuTTY, OpenSSH, WinSCP, and SSH Secure Shell. Most of these are freeware and may be downloaded without cost or licensing from the Internet. There are differences in the way these clients work, so be sure you also download the documentation.

 

As described earlier in this chapter, you can use a TFTP client on the administrator workstation to update software images. This is a plain text mechanism, and it connects to a standalone TFTP server or another ProCurve switch acting as a TFTP server to obtain the software image file(s). Using SCP and SFTP allows you to maintain your switches with greater security. You can also roll out new software images with automated scripts that make it easier to upgrade multiple switches simultaneously and securely.

 

SFTP (secure file transfer protocol) is unrelated to FTP, although there are some functional similarities. Once you set up an SFTP session through an SSH tunnel, some of the commands are the same as FTP commands. Certain commands are not allowed by the SFTP server on the switch, such as those that create files or folders. If you try to issue commands such as create or remove using SFTP, the switch server returns an error message.

 

You can use SFTP just as you would TFTP to transfer files to and from the switch, but with SFTP your file transfers are encrypted and require authentication, so they are more secure than they would be using TFTP. SFTP works only with SSH version 2 (SSH v2).

 

 

Note

SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the switch (or both) using SSH v1 generates an error message. The actual text of the error message differs, depending on the client software in use. Some examples are:

 

Protocol major versions differ: 2 vs. 1

 

Connection closed
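
A pre-flight check for the SSH v2 requirement in the note above, as an added example that is not part of the original manual: it reads the SSH identification line a switch sends on connect and flags peers that offer only SSH v1, so a scripted rollout can skip them instead of failing mid-transfer. The switch names and banner strings are constructed sample values; the identification format and the "1.99" compatibility value are taken from RFC 4253, not from this manual.

```python
import re
import socket

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion SP comments
_ID = re.compile(r"^SSH-(\d+)\.(\d+)-\S+(?: .*)?$")

def classify_banner(line):
    """Classify one SSH identification line as 'v2', 'v1+v2', 'v1-only' or 'invalid'."""
    m = _ID.match(line.rstrip("\r\n"))
    if not m:
        return "invalid"
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 2:
        return "v2"
    if (major, minor) == (1, 99):
        return "v1+v2"      # RFC 4253 section 5.1: server speaks v2 and also accepts v1
    if major == 1:
        return "v1-only"    # SFTP to this peer fails, as the note describes
    return "invalid"

def read_banner(host, port=22, timeout=5.0):
    """Return the server's identification line, or '' if none arrives.
    A server may send other text lines before it, so skip up to 20 of them."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):
            raw = stream.readline(256)
            if not raw:
                break
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace")
    return ""

def preflight(banners):
    """Given {switch name: banner}, return the names that cannot accept SFTP."""
    return sorted(n for n, b in banners.items()
                  if classify_banner(b) not in ("v2", "v1+v2"))

# Constructed sample banners; the switch names and software strings are made up.
SAMPLE = {
    "sw-a": "SSH-2.0-ExampleSwitch_1.0\r\n",
    "sw-b": "SSH-1.99-ExampleSwitch_1.0\r\n",
    "sw-c": "SSH-1.5-ExampleSwitch_0.9\r\n",
    "sw-d": "",   # nothing received
}

if __name__ == "__main__":
    for name, banner in SAMPLE.items():
        print(name, classify_banner(banner))
    print("skip before rollout:", preflight(SAMPLE))
```

For live use, collect `read_banner()` output for each switch into a dictionary and pass it to `preflight()` before starting the transfers.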
