SCP SFTP errors.

bruce.porter · ‎03-24-2009

I have installed SSH and it works with PuTTY. I then wanted to use SCP. I enabled the SCP server on the switch: ip scp server enable.

First I logged in to the switch using PuTTY.

I tried using WinSCP from SourceFire. I found that it doesn't work and forum users say that the SCP transfer must be initiated FROM the Switch/Router.

The command should look something like Router# copy flash:c3620-ik9s-mz.122-0.17.T scp://tiger@10.1.1.2/

Error message: Connections to that host not permitted from this terminal.

Leo Laohoo · ‎03-24-2009

What do you need to securely copy from the server to the appliance?

bruce.porter · ‎03-24-2009

That is really the purpose of the SCP or SFTP. They encrypt the data, as well as authenticate. You want to avoid using telnet or tftp, both use clear text. Even better TACACS+ with the addition of RSA tokens. This system costs about $25K for a couple of appliances and 20 tokens. The benefits are the One Time Passwords off the tokens and a great deal of AAA.

System includes: Cisco ACS SE appliance and RSA authentication server; the RSA server is a System 130 appliance, built by Dell running a hardened Windows. This is the way to go for login (as opposed to SSH).