Please help me!
fw# copy running-config scp:
Source filename [running-config]?
Address or name of remote host ? 10.10.10.10
Destination username ? admin
Destination filename [running-config]?
Cryptochecksum: 3d0e3551 0b68954f 3cbe9215 18a6c805
%Error opening scp://firstname.lastname@example.org/running-config (Permission denied)
There is a related problem here https://supportforums.cisco.com/discussion/12197701/scp-transfer-failure
"Is your scp server a Linux box? If so, I've always had to create the empty file in the directory and give write permissions to it when writing to my Linux servers. And those permissions would need to be applied up the directory, tftpboot, network. "
I am sure. ASA and the server are on the same subnet. When the command copy running-config scp: you can specify any other host. The result will be the same (Permission denied). The problem of the Cisco ASA. Somehow, ASA does not allow the execution of command
Is it possible that ASA needs some license? I’m not sure if ASA must have the strong encryption (3DES/AES) license to support SSH Version 2 connections.
we got a free license 3DES/AES from cisco.com/go/license and activate it on the ASA.The result is the same - Permission deniedce
Can you ensure that no traffic is leaving the ASA?
capture capin interface inside match ip host 10.10.10.11 host 10.10.10.10
You should then be able (or unable) to display the packets captured by issuing:
show capture capin
at the moment i don't have the access to asa.
However, we had tried to capture traffic from asa on the server by using WiresharkPortable. No traffic was visible from ASA.
If the SSH traffic is not leaving ASA, then you are dealing with ASA misconfig of bug. But if the traffic is leaving ASA, then the problem is outside ASA. I guess you should check it, just to be safe.
ok. i will check in two weeks.
I assumed it should work according to this document:
the problem is solved!