
File Transfer using Secure Copy Server on Cisco ASA 5510

magurwara
Level 1

I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device using WinSCP. Used all options but nothing seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.

Any idea?

7 Replies

risenshine4th
Level 1

I would review the ports being used and use a packet sniffer like Wireshark to see what traffic is really doing.

Wireshark doesn't tell much as after SSH is established, packets are encrypted. I have used debug ssh on the ASA console to see what goes on.

SSH is established correctly and user is authenticated...

SSH2 2: authentication successful for xxxx

SSH2 2: channel open request

SSH2 2: exec request

No activity after the "exec request"

If I enable shell selection in WinScp then the exec request is replaced by "shell request". In either case nothing proceeds beyond that message and finally the following message:

SSH2: receive SSH message: [no message ID: variable *data is NULL]

SSH2: Session disconnected by SSH server - error 0x00 "Internal error"

Q. Should the initial SSH session land the user in privileged exec mode for this to work?

cvestal11
Level 1

I'm having the same problem

Hello,

This happens due to the way that WinSCP tries to get a shell to do things like directory listings. The ASA's SCP server doesn't support this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1510629

There is no directory support in this implementation of SCP, limiting remote client access to the adaptive security appliance internal files.

I'm not sure if there is a way to disable this functionality for WinSCP, but you can use something like 'pscp' on Windows (or 'scp' on Linux/Mac) to copy the files you need. The syntax would look something like this:

pscp LOCAL_FILE USERNAME@ASA_ADDRESS:DESTINATION_FILE

Hope that helps.

-Mike

Now, in my particular application and situation, what I found to be a just-as-good alternative was using the latest ASDM: Tools menu and File Management.

Worked great

What if asdm image is corrupted..

pscp worked for me as well:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

From the CLI (I happened to use PowerShell), I changed my working directory to that which contained my files to be transferred. I then entered the syntax as below:

PS C:\Users\myusername\Downloads> .\pscp.exe .\asa971-4-lfbff-k8.SPA myasausername@172.30.0.1:asa971-4-lfbff-k8.SPA
The first key-exchange algorithm supported by the server is
diffie-hellman-group1-sha1, which is below the configured warning threshold.
Continue with connection? (y/n) y
plsadmin@172.30.0.1's password:

(My transfer began immediately afterward):


asa971-4-lfbff-k8.SPA | 2208 kB | 7.2 kB/s | ETA: 04:01:35 | 2%

Note: It may take a while to transfer but I'm pretty sure that's just a limitation of the protocol. Also if you're working within the legacy Windows command-line just remove the .\ from your command syntax and you should be fine.

PS- Don't forget to enable SSH Secure Copy capabilities in the ASA (conf t > ssh scopy enable)
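
For triaging the symptom discussed in this thread, here is an added example (not code from any poster or from Cisco) that reads `debug ssh` output and flags sessions that authenticated, sent an exec or shell request, and were then disconnected by the server. The line formats are taken from the debug lines quoted above; the sample text, the user name `admin1`, and the rule that an un-numbered disconnect line belongs to the most recently seen session are assumptions.

```python
import re

# Constructed sample, modelled on the debug lines quoted in this thread.
SAMPLE = """\
SSH2 2: authentication successful for admin1
SSH2 2: channel open request
SSH2 2: shell request
SSH2: receive SSH message: [no message ID: variable *data is NULL]
SSH2: Session disconnected by SSH server - error 0x00 "Internal error"
SSH2 3: authentication successful for admin1
SSH2 3: channel open request
SSH2 3: exec request
"""

EVENT = re.compile(r"^SSH2 (\d+): (?:authentication successful for (\S+)"
                   r"|(channel) open request|(exec|shell) request)\s*$")
DISCONNECT = re.compile(
    r'^SSH2: Session disconnected by SSH server - error (0x[0-9a-fA-F]+) "([^"]*)"')


def triage(debug_text):
    """Summarise how far each numbered SSH session got in the debug output."""
    sessions, last = {}, None
    for line in map(str.strip, debug_text.splitlines()):
        event = EVENT.match(line)
        if event:
            last, user, channel, request = event.groups()
            s = sessions.setdefault(last, {"user": None, "stages": [], "disconnect": None})
            if user:
                s["user"] = user
            s["stages"].append("auth" if user else channel or request)
            continue
        drop = DISCONNECT.match(line)
        if drop and last in sessions:
            # Assumption: the disconnect line has no session number, so it is
            # attributed to the most recently seen session.
            sessions[last]["disconnect"] = drop.groups()
    return sessions


def dropped_after_request(sessions):
    """Sessions that authenticated, sent exec/shell, then were cut by the server."""
    return sorted(sid for sid, s in sessions.items()
                  if "auth" in s["stages"] and s["disconnect"]
                  and s["stages"][-1] in ("exec", "shell"))


if __name__ == "__main__":
    for sid in dropped_after_request(triage(SAMPLE)):
        print(f"session {sid}: authenticated, then dropped after a client exec/shell request")
```

If several SSH sessions overlap in the same debug capture, the attribution of the disconnect line can be wrong, so capture one client attempt at a time.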
