File Transfers
Downloading Switch Software
Authentication
Switch memory allows up to ten public keys. This means the authentication
and encryption keys you use for your third-party client SCP/SFTP software
can differ from the keys you use for the SSH session, even though both SCP
and SFTP use a secure SSH tunnel.
Note: SSH authentication through a TACACS+ server and use of SCP or SFTP
through an SSH tunnel are mutually exclusive. Thus, if the switch is configured
to use TACACS+ for authenticating a secure Telnet SSH session on the switch,
you cannot enable SCP or SFTP. Also, if SCP or SFTP is enabled on the switch,
you cannot enable TACACS+ authentication for a secure Telnet SSH. The
switch displays a message similar to the following if there is an attempt to
configure either option when the other is already configured:
To provide username/password authentication on a switch providing SCP or
SFTP support, use the switch’s local username/password facility. Otherwise,
you can use the switch’s local public key for authentication.
Some clients such as PSCP (PuTTY SCP) automatically compare switch host
keys for you. Other clients require you to manually copy and paste keys to the
$HOME/.ssh/known_hosts file. Whatever SCP/SFTP software tool you use, after
installing the client software you must verify that the switch host keys are
available to the client.
Because the third-party software utilities you may use for SCP/SFTP vary, you
should refer to the documentation provided with the utility you select before
performing this process.
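The host-key check described above can be done before the first transfer by looking up the switch in the client's known_hosts file and comparing fingerprints. This is an added example, not part of the original manual; the addresses, host names and key blob are constructed, and it assumes the expected fingerprint was obtained out of band in OpenSSH's SHA256 format.

```python
import base64
import hashlib
import hmac

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field names `host` (plain or hashed form)."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(salt, hostname))
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcard/negated patterns not handled

def check_switch_key(known_hosts_text, host, expected_fp):
    """Return 'match', 'mismatch' or 'missing' for the switch's host key."""
    found = False
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_matches(parts[0], host):
            found = True
            if fingerprint(parts[2]) == expected_fp:
                return "match"
    return "mismatch" if found else "missing"

# Constructed sample data (not a real switch key, address or host name).
BLOB = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-sample").decode()
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"switch-lab.example", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = ("# constructed sample\n"
               "192.0.2.10,switch1.example ssh-rsa %s\n"
               "%s ssh-rsa %s\n" % (BLOB, HASHED, BLOB))
CONSOLE_FP = fingerprint(BLOB)  # stands in for the fingerprint obtained out of band

if __name__ == "__main__":
    for h in ("192.0.2.10", "switch-lab.example", "192.0.2.99"):
        print(h, check_switch_key(KNOWN_HOSTS, h, CONSOLE_FP))
```

A result of "missing" means the key still has to be added to known_hosts; "mismatch" means the stored key is not the one the switch is expected to present and should be investigated before any transfer.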
SCP/SFTP Operating Notes
■ When an SFTP client connects, the switch provides a file system displaying
all of its available files and folders. No file or directory creation is
permitted by the user. Files may only be uploaded or downloaded, according
to the permissions mask. All of the necessary files the switch will need
are already in place on the switch. You do not need to create new files,
nor can you.
■ The switch supports one SFTP session or one SCP session at a time.