TFTP vs SFTP and SCP - no tftp client

Information

The TFTP client and server should be disabled because TFTP does not require any authentication and, as with Telnet, transfers data in the clear. Secure File Transfer Protocol (SFTP) and Secure Copy Protocol (SCP), part of the SSH protocol suite, should be used instead, as they provide an encrypted session using public/private keys between client and server, just like SSH. In this case, the switch acts as the server and the management station acts as the client.

Solution

You will need a secure terminal client program running on your PC. To enable SFTP and SCP and disable TFTP, follow these steps:

switch(config)# crypto key generate ssh
switch(config)# ip ssh filetransfer
TFTP and auto-TFTP are now disabled because they cannot be secured with SSH. TFTP can be re-enabled with the 'tftp' command.

When executing ip ssh filetransfer, the TFTP client and server will be disabled automatically. To disable the TFTP client and server manually (if, for instance, you are disabling all file transfer protocols), execute the following commands:

switch(config)# no tftp server
switch(config)# no tftp client
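An offline check for the settings above, run against a saved copy of the switch configuration. This is an added example, not part of the original audit item or vendor tooling. It assumes that the saved configuration lists these statements exactly as typed on this page, that lines starting with ';' are comments, and that a later statement overrides an earlier one. Both sample configurations are constructed.

```python
import re

# Constructed sample configs (not taken from a real device). Assumption: the saved
# configuration lists these statements in the same form the page types them.
COMPLIANT = """\
; constructed sample header
hostname "lab-switch"
ip ssh filetransfer
no tftp client
no tftp server
"""
REENABLED = """\
hostname "lab-switch"
ip ssh filetransfer
no tftp client
no tftp server
tftp client
"""

def audit_file_transfer(config_text):
    """Return a list of findings; an empty list means the config passes."""
    state = {"tftp client": None, "tftp server": None, "ip ssh filetransfer": None}
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()      # normalise spacing and case
        if not line or line.startswith(";"):      # skip blanks and comment lines
            continue
        m = re.fullmatch(r"(no )?(tftp client|tftp server|ip ssh filetransfer)", line)
        if m:
            # Assumption: later statements override earlier ones, so keep the last.
            state[m.group(2)] = m.group(1) is None
    findings = []
    for svc in ("tftp client", "tftp server"):
        if state[svc] is None:
            findings.append(f"'no {svc}' not present")   # strict: absence is a finding
        elif state[svc]:
            findings.append(f"{svc} explicitly enabled")
    if not state["ip ssh filetransfer"]:
        findings.append("'ip ssh filetransfer' not enabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("compliant", COMPLIANT), ("re-enabled", REENABLED)):
        print(name, audit_file_transfer(cfg) or "PASS")
```

The second sample models the case the switch message warns about: TFTP re-enabled with the 'tftp' command after SFTP/SCP was turned on.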

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: ArubaOS

Control ID: 03042e7409162073c55ff0307927f781ec479833e04f968c70b888d4e3b8a309