Configuring the SFTP Client

When the router operates as an SFTP client, a secure channel is established with an SFTP server and an SSH session is initiated automatically. You need not explicitly initiate an SSH session with an SSH server.

To configure the router as an SFTP client and establish an SSH session with the SFTP server:

  1. Specify the remote host parameters, such as the hostname, IP address, and authentication credentials, for the SFTP server. Using the sftp keyword with the host command enables the router to consider the remote host as an SFTP server.
    host1(config)#host sftphost 126.197.10.5 sftp abc xyz

    In this example, an SFTP host is configured to enable transfer of data using an SSH session between the SFTP client and server. When the SFTP client attempts to connect to the SFTP server, the client supplies the configured user credentials to enable the server to authenticate the client login.

  2. Configure the router, which is the SFTP client, to generate the SSH server host key and enable the SSH server daemon. If you enter the crypto key generate dss command without the SSH-server keyword, by default, the SSH server host key is generated and the SSH server daemon is enabled.
    host1(config)#crypto key generate dss SSH-server

    If an SSH server host key is already present on the router, using the crypto key generate dss SSH-server command causes the existing key to be removed and a fresh host key to be generated. When the new host key replaces the older host key, all established SSH connections are terminated. You must reestablish the SSH sessions.

  3. Configure the router, which is the SFTP client, to generate a public/private key pair and use this key pair to initiate an SSH session with the SFTP server. This key pair is used to encrypt the data transferred across the SSH connection. The public key is distributed to the SSH server.
    host1(config)#crypto key generate dss SFTP-client

    If a public/private key pair was previously generated and if you issue the crypto key generate dss SFTP-client command to regenerate a fresh SSH key pair, the older key is removed and replaced by the fresh key pair. The active SSH sessions are terminated in such a case.

Related Documentation