Privilege exec command for remote scp?

Answered Question

What I wish to do is automatically back up the configuration of all of my devices via SSH. I want to create a user specifically for this purpose, whose only capability is to remotely scp the startup-config from each device.


I am unable to determine what 'privilege exec level <privilege>' command I need to do to enable this. Everything I can think of results in 'Privilege denied' on the remote hosts. Debugging of SSH indicates that the remote session conducts the actual login process successfully.


Thanks.

Joe Clarke Sun, 08/03/2008 - 10:23

Just make sure your username gets privilege level 15 when it logs in:


username backup privilege 15 password 0 [email protected]


scp [email protected]:nvram:/startup-config /path/to/backup

Correct Answer
dhananjoy chowdhury Sun, 08/03/2008 - 10:37

Hi,

Try this; you don't have to configure any username on the router for backup purposes.

The router automatically uploads the running config to an SCP server.

You just need to provide the SCP username/password and path to the SCP server.

And then mention the time interval in minutes.


myRouter1(config)#archive

myRouter1(config-archive)#path scp://scpuser:[email protected]/myRouter-config

myRouter1(config-archive)#time-period 1440

Correct Answer
Joe Clarke Sun, 08/03/2008 - 11:48

You can use $t and $h in the archive file name to substitute the current time and hostname respectively.

Joe Clarke Sun, 08/03/2008 - 11:59

There is no way to do this with local authorization. However, this can be accomplished using an external ACS server.
