Table of Contents
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters. Invalid characters are tildes (~), asterisks (*), backslashes (\), vertical bars (|), colons (:),
dots (.), angle brackets (< >), quotation marks ("), and apostrophes (').
source: Specifies a source IPv6 address or source interface for IPv6 SCP packets. By default, the
device automatically selects a source address for IPv6 SCP packets in compliance with RFC 3484.
As a best practice to ensure successful SCP connections, specify a loopback interface as the source
interface or specify that interface's IPv6 address as the source IPv6 address.
•
interface interface-type interface-number: Specifies a source interface by its type and number.
The IPv6 address of this interface is the source IPv6 address of the IPv6 SCP packets.
•
ipv6 ipv6-address: Specifies a source IPv6 address.
user username: Specifies an SCP username, a case-sensitive string of 1 to 80 characters. If the
username contains an ISP domain name, use the pureusername@domain format. The
pureusername argument is a string of 1 to 55 characters. The domain argument is a string of 1 to 24
characters.
password password: Specifies a password in plaintext form, a case-sensitive string of 1 to 63
characters.
Usage guidelines
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the server-pki-domain domain-name option. The client uses the
CA certificate stored in the specified PKI domain to verify the server's certificate and does not need
to save the server's public key before authentication. If you do not specify the server's PKI domain,
the client uses the PKI domain of its own certificate to verify the server's certificate.
If you do not specify a username and password in the command, you must provide the username
and password in an interactive way.
If the SCP server uses publickey authentication, the password specified by this command is ignored.
Examples
# Connect an SCP client to SCP server 2000::1. Specify the public key of the server as svkey, and
download file abc.txt from the server. The SCP client uses publickey authentication. Use the
following algorithms:
•
Preferred key exchange algorithm: dh-group14-sha1.
•
Preferred server-to-client encryption algorithm: aes128-cbc.
•
Preferred client-to-server HMAC algorithm: sha1.
•
Preferred server-to-client HMAC algorithm: sha1-96.
•
Preferred compression algorithm: zlib.
aes128-cbc prefer-ctos-hmac sha1 prefer-stoc-hmac sha1-96 prefer-compress zlib public-key
svkey
Username:
scp ipv6 suite-b
Use scp ipv6 suite-b to establish a connection to an IPv6 SCP server based on Suite B algorithms
and transfer files with the server.
Syntax
scp ipv6 server [ port-number ] [ vpn-instance vpn-instance-name ] [ -i interface-type
interface-number ] { put | get } source-file-name [ destination-file-name ] suite-b [ 128-bit | 192-bit ]
474
Table of Contents
