Secure Copy, SSH

csiebert007 · ‎08-14-2007

1.) SCP

On my routers I have enabled SSH, which works just fine.

However making use of the enabled secure copy server with

ip scp server enable

seems a bit diffcult to me.

The scp server seems to run on the router, however I'm missing a tool to access it. Both, WinScp on Windows and scp on Linux fails to connect.

Any hints on how to get this to work?

2.) SSH

I like to use scripts to automate updating and getting the inventory of my devices, as well as debugging on a bulk of routers at once. For this purpose I'd like to use SSH, because of the needed confidentiality. However, I hate to always have to specify username and password for every single session. Is there a way to exchange keys and signatures, so the session can be established automagically?

Currently I'm working with PuTTY's plink on Windows, because it has the feature to specify the password with a command line switch. However, I don't like to save passwords in my scripts.

Any suggestions?

gmarogi · ‎08-20-2007

think since ssh is working and scp is not, in order to avoid fragmentation issues, you can try to set the mss to 1300 and clear the df bit (replace with the internal interface of each router and set the right ip address for the client/server). For example, on the spoke:

access-list 199 permit ip host host

route-map DF_CLEAR permit 10

match address 199

set ip df 0

exit

int

ip policy route-map DF_CLEAR

ip tcp adjust-mss 1300

exit

I dont think there is a way to exchange keys and signature so that SSH session can be established automatically.