Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

File Transfer using Secure Copy Server on Cisco ASA 5510

I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP. Used all options but nothign seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.

Any idea?

7 REPLIES
New Member

Re: File Transfer using Secure Copy Server on Cisco ASA 5510

I would review the ports being used and use a packet sniffer like wireshark to see what traffic is really doing.

New Member

Re: File Transfer using Secure Copy Server on Cisco ASA 5510

wireshark doesn't tell much as after SSH is established, packets are encrypted. I have used debug ssh on the ASA console to see what goes on.

SSH is established correctly and user is authenticated...

SSH2 2: authentication successful for xxxx

SSH2 2: channel open request

SSH2 2: exec request

No activity after the "exec request"

If I enable shell selection in WinScp then the exec request is replaced by "shell request". In either case nothing proceeds beyond that message and finally the following message:

SSH2: receive SSH message: [no message ID: variable *data is NULL]

SSH2: Session disconnected by SSH server - error 0x00 "Internal error"

Q. Should the iniial SSH session land the user in privileged exec mode for this to work?

New Member

Re: File Transfer using Secure Copy Server on Cisco ASA 5510

I'm having the same problem

Cisco Employee

Re: File Transfer using Secure Copy Server on Cisco ASA 5510

Hello,

This happens due to the way that WinSCP tries to get a shell to do things like directory listings. The ASA's SCP server doesn't support this:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1510629

There is no directory support in this implementation of SCP, limiting remote client access to the adaptive security appliance internal files.

I'm not sure if there is a way to disable this functionality for WinSCP, but you can use something like 'pscp' on Windows (or 'scp' on Linux/Mac) to copy the files you need. The syntax would look something like this:

pscp @:

Hope that helps.

-Mike

New Member

Re: File Transfer using Secure Copy Server on Cisco ASA 5510

Now, in my particular application and situation, what I found to be a just as good as alternative was using the latest ASDM.  Tools menu and File Mangement.

Worked great

New Member

File Transfer using Secure Copy Server on Cisco ASA 5510

What if asdm image is corrupted..

New Member

pscp worked for me as well

pscp worked for me as well:

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

From the CLI (I happened to use PowerShell), I changed my working directory to that which contained my files to be transfered. I then entered the syntax as below:

PS C:\Users\myusername\Downloads> .\pscp.exe .\asa971-4-lfbff-k8.SPA myasausername@172.30.0.1:asa971-4-lfbff-k8.SPA
The first key-exchange algorithm supported by the server is
diffie-hellman-group1-sha1, which is below the configured warning threshold.
Continue with connection? (y/n) y
plsadmin@172.30.0.1's password:

(My transfer began immediately afterward):


asa971-4-lfbff-k8.SPA | 2208 kB | 7.2 kB/s | ETA: 04:01:35 | 2%

Note: It may take a while to transfer but I'm pretty sure that's just a limitation of the protocol. Also if you're working within the legacy Windows command-line just remove the .\ from your command syntax and you should be fine.

PS- Don't forget to enable SSH Secure Copy capabilities in the ASA (conf t > ssh scopy enable)

7897
Views
5
Helpful
7
Replies