Privilege exec command for remote scp?

Answered Question

What I wish to do is automatically back up the configuration of all of my devices via SSH. I want to create a user specifically for this purpose, whose only capability is to remotely scp the startup-config from each device.

I am unable to determine what 'privilege exec level <privilege>' command I need to do to enable this. Everything I can think of results in 'Privilege denied' on the remote hosts. Debugging of SSH indicates that the remote session conducts the actual login process successfully.

Thanks.

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 8 years 4 months ago

You can use $t and $h in the archive file name to substitute the current time and hostname respectively.

Correct Answer by dhananjoy chowdhury about 8 years 4 months ago

Hi,

Try this, you don't have to configure any username on the Router for backup purpose.

The router automatically uploads the runing config to a SCP server .

You just need to provide the SCP username/password and path to the SCp server

And then mention the time interval in Minutes.

myRouter1(config)#archive

myRouter1(config-archive)#path scp://scpuser:[email protected]/myRouter-config

myRouter1(config-archive)#time period 1440

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (4 ratings)
Loading.
Joe Clarke Sun, 08/03/2008 - 10:23

Just make sure your username gets privilege level 15 when it logs in:

username backup privilege 15 password 0 [email protected]

scp [email protected]:nvram:/startup-config /path/to/backup

Correct Answer
dhananjoy chowdhury Sun, 08/03/2008 - 10:37

Hi,

Try this, you don't have to configure any username on the Router for backup purpose.

The router automatically uploads the runing config to a SCP server .

You just need to provide the SCP username/password and path to the SCp server

And then mention the time interval in Minutes.

myRouter1(config)#archive

myRouter1(config-archive)#path scp://scpuser:[email protected]/myRouter-config

myRouter1(config-archive)#time period 1440

Correct Answer
Joe Clarke Sun, 08/03/2008 - 11:48

You can use $t and $h in the archive file name to substitute the current time and hostname respectively.

Joe Clarke Sun, 08/03/2008 - 11:59

There is no way to do this with local authorization. However, this can be accomplished using an external ACS server.

Actions

This Discussion