File Transfer using Secure Copy Server on Cisco ASA 5510

Nov 14th, 2008

I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device using WinSCP. Used all options but nothing seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.


Any idea?

risenshine4th Fri, 11/14/2008 - 13:12

I would review the ports being used and use a packet sniffer like Wireshark to see what the traffic is really doing.




magurwara Fri, 11/14/2008 - 18:35

Wireshark doesn't tell much, as after SSH is established, packets are encrypted. I have used debug ssh on the ASA console to see what goes on.


SSH is established correctly and user is authenticated...


SSH2 2: authentication successful for xxxx

SSH2 2: channel open request

SSH2 2: exec request


No activity after the "exec request"


If I enable shell selection in WinSCP then the exec request is replaced by "shell request". In either case nothing proceeds beyond that message and finally the following message:


SSH2: receive SSH message: [no message ID: variable *data is NULL]

SSH2: Session disconnected by SSH server - error 0x00 "Internal error"


Q. Should the initial SSH session land the user in privileged exec mode for this to work?



mirober2 (Cisco Employee) Sat, 02/26/2011 - 05:47

Hello,


This happens due to the way that WinSCP tries to get a shell to do things like directory listings. The ASA's SCP server doesn't support this:


http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1510629

There is no directory support in this implementation of SCP, limiting remote client access to the adaptive security appliance internal files.


I'm not sure if there is a way to disable this functionality for WinSCP, but you can use something like 'pscp' on Windows (or 'scp' on Linux/Mac) to copy the files you need. The syntax would look something like this:


pscp @:


Hope that helps.


-Mike
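
Added example, not part of the original reply or of Cisco's documentation: a POSIX shell wrapper for the single-file copy suggested above, which refuses directory or wildcard targets because the ASA's SCP server has no directory support. The function name asa_scp_cmd, its arguments and the ASA_DRY_RUN variable are hypothetical; -scp (PuTTY pscp) and -O (OpenSSH scp 8.7 and later) are real options that force the plain SCP protocol rather than SFTP.

```shell
#!/bin/sh
# Hypothetical helper (added example): copy ONE file to an SCP-only server.
# usage: asa_scp_cmd CLIENT LOCAL_FILE USER HOST DEST_FILE
#   CLIENT    pscp (PuTTY) or scp (OpenSSH)
#   DEST_FILE one explicit remote file name, never a directory or pattern
# Set ASA_DRY_RUN=1 to print the command instead of running it.
asa_scp_cmd() {
    client=$1 src=$2 user=$3 host=$4 dest=$5

    # The server transfers single files only, so require a regular file.
    if [ ! -f "$src" ]; then
        echo "source must be an existing regular file: $src" >&2
        return 2
    fi

    # Reject an empty name, a trailing slash (directory) and wildcards:
    # all of these would need directory handling on the remote side.
    case $dest in
        ''|*/|*[*?]*)
            echo "destination must be one explicit file name: $dest" >&2
            return 2 ;;
    esac

    # Force the legacy SCP protocol so the client does not attempt SFTP.
    case $client in
        pscp) flag=-scp ;;   # PuTTY pscp
        scp)  flag=-O ;;     # OpenSSH 8.7+; older scp speaks SCP only, drop -O there
        *)
            echo "unknown client: $client" >&2
            return 2 ;;
    esac

    if [ "${ASA_DRY_RUN:-0}" = 1 ]; then
        printf '%s %s %s %s\n' "$client" "$flag" "$src" "$user@$host:$dest"
        return 0
    fi
    "$client" "$flag" "$src" "$user@$host:$dest"
}
```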

cvestal11 Sat, 02/26/2011 - 06:14

Now, in my particular application and situation, what I found to be just as good an alternative was using the latest ASDM: Tools menu and File Management.


Worked great.
