Privilege exec command for remote scp?

jph
Level 1

What I wish to do is automatically back up the configuration of all of my devices via SSH. I want to create a user specifically for this purpose, whose only capability is to remotely scp the startup-config from each device.

I am unable to determine what 'privilege exec level <privilege>' command I need to do to enable this. Everything I can think of results in 'Privilege denied' on the remote hosts. Debugging of SSH indicates that the remote session conducts the actual login process successfully.

Thanks.

6 Replies

Joe Clarke
Cisco Employee

Just make sure your username gets privilege level 15 when it logs in:

username backup privilege 15 password 0 B@ckup123

scp backup@10.1.1.1:nvram:/startup-config /path/to/backup

Hi,

Try this; you don't have to configure any username on the router for backup purposes.

The router automatically uploads the running config to an SCP server.

You just need to provide the SCP username/password and path to the SCP server.

And then mention the time interval in minutes.

myRouter1(config)#archive

myRouter1(config-archive)#path scp://scpuser:pass123@10.10.10.2/myRouter-config

myRouter1(config-archive)#time period 1440

Thanks. I think this will pretty much do what I need, though it would be nice to have the config files be timestamped. Maybe it'll be enough to have the recipient server move them automatically.

Thanks.

You can use $t and $h in the archive file name to substitute the current time and hostname respectively.

Sorry, if it wasn't explicit in my message, I did not want to have the backup user have full privileges, in case the password was compromised.

There is no way to do this with local authorization. However, this can be accomplished using an external ACS server.
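
Both approaches in this thread leave a reusable credential in the device configuration: `password 0` stores the password unencrypted, and the archive `path` carries `user:password@` in the URL. The following is an added example, not code from any poster in this thread: a small Python audit that flags both patterns in a saved config and masks them before the backup copy is stored. The sample config is constructed from the commands quoted above, and the function names and the hashed-secret line are assumptions for illustration.

```python
import re

# Constructed sample: the commands quoted in this thread plus a hashed-secret
# user for contrast. The hash value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
hostname myRouter1
username backup privilege 15 password 0 B@ckup123
username admin privilege 15 secret 5 $1$CONSTRUCTED$placeholder
archive
 path scp://scpuser:pass123@10.10.10.2/myRouter-config
 time period 1440
"""

# 'username NAME [privilege N] password|secret [TYPE] VALUE'
USER_RE = re.compile(
    r"^(?P<head>username +(?P<user>\S+)(?: +privilege +(?P<priv>\d+))?"
    r" +(?P<kind>password|secret)(?: +(?P<type>\d+))? +)\S+", re.M)
# URL carrying 'user:password@host' userinfo, as in the archive path
URL_RE = re.compile(
    r"(?P<head>\b(?:scp|ftp|https?)://(?P<user>[^:/@\s]+):)[^@/\s]+"
    r"@(?P<host>[^/\s]+)")

def _line_no(text, pos):
    return text.count("\n", 0, pos) + 1

def audit(config):
    """Return (line, severity, message) findings; never echoes the secret."""
    findings = []
    for m in USER_RE.finditer(config):
        # A missing type is treated as cleartext (type 0).
        if m["kind"] == "password" and (m["type"] or "0") == "0":
            sev = "high" if m["priv"] == "15" else "medium"
            findings.append((_line_no(config, m.start()), sev,
                             f"user {m['user']}: cleartext password, "
                             f"privilege {m['priv'] or 'default'}"))
    for m in URL_RE.finditer(config):
        findings.append((_line_no(config, m.start()), "high",
                         f"password for {m['user']}@{m['host']} embedded in URL"))
    return sorted(findings)

def redact(config):
    """Mask secrets so a stored backup copy does not leak them."""
    config = USER_RE.sub(lambda m: m["head"] + "<redacted>", config)
    return URL_RE.sub(lambda m: f"{m['head']}<redacted>@{m['host']}", config)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(redact(SAMPLE_CONFIG))
```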
