File Transfers

Downloading Switch Software

 

Authentication

 

Switch memory allows up to ten public keys. This means the authentication

 

and encryption keys you use for your third-party client SCP/SFTP software

 

can differ from the keys you use for the SSH session, even though both SCP

 

and SFTP use a secure SSH tunnel.

 

 

N o t e

SSH authentication through a TACACS+ server and use of SCP or SFTP

 

through an SSH tunnel are mutually exclusive. Thus, if the switch is configured

 

to use TACACS+ for authenticating a secure Telnet SSH session on the switch,

 

you cannot enable SCP or SFTP. Also, if SCP or SFTP is enabled on the switch,

 

you cannot enable TACACS+ authentication for a secure Telnet SSH. The

 

switch displays a message similar to the following if there is an attempt to

 

configure either option when the other is already configured:

To provide username/password authentication on a switch providing SCP or SFTP support, use the switch’s local username/password facility. Otherwise, you can use the switch’s local public key for authentication.

Some clients such as PSCP (PuTTY SCP) automatically compare switch host keys for you. Other clients require you to manually copy and paste keys to the $HOME/.ssh/known_hosts file. Whatever SCP/SFTP software tool you use, after installing the client software you must verify that the switch host keys are available to the client.

Because the third-party software utilities you may use for SCP/SFTP vary, you should refer to the documentation provided with the utility you select before performing this process.

SCP/SFTP Operating Notes

When an SFTP client connects, the switch provides a file system display­ ing all of its available files and folders. No file or directory creation is permitted by the user. Files may only be uploaded or downloaded, accord­ ing to the permissions mask. All of the necessary files the switch will need are already in place on the switch. You do not need to (nor can you create) new files.

The switch supports one SFTP session or one SCP session at a time.

A-10