
jph
New Member

Privilege exec command for remote scp?

What I wish to do is automatically back up the configuration of all of my devices via SSH. I want to create a user specifically for this purpose, whose only capability is to remotely scp the startup-config from each device.

I am unable to determine what 'privilege exec level <privilege>' command I need to do to enable this. Everything I can think of results in 'Privilege denied' on the remote hosts. Debugging of SSH indicates that the remote session conducts the actual login process successfully.

Thanks.

6 REPLIES
Cisco Employee

Re: Privilege exec command for remote scp?

Just make sure your username gets privilege level 15 when it logs in:

username backup privilege 15 password 0 B@ckup123

scp backup@10.1.1.1:nvram:/startup-config /path/to/backup

Re: Privilege exec command for remote scp?

Hi,

Try this; you don't have to configure any username on the router for backup purposes.

The router automatically uploads the running config to an SCP server.

You just need to provide the SCP username/password and the path to the SCP server.

And then mention the time interval in minutes.

myRouter1(config)#archive

myRouter1(config-archive)#path scp://scpuser:pass123@10.10.10.2/myRouter-config

myRouter1(config-archive)#time-period 1440

jph
New Member

Re: Privilege exec command for remote scp?

Thanks. I think this will pretty much do what I need, though it would be nice to have the config files be timestamped. Maybe it'll be enough to have the recipient server move them automatically.

Thanks.

Cisco Employee

Re: Privilege exec command for remote scp?

You can use $t and $h in the archive file name to substitute the current time and hostname respectively.

jph
New Member

Re: Privilege exec command for remote scp?

Sorry, if it wasn't explicit in my message, I did not want to have the backup user have full privileges, in case the password was compromised.

Cisco Employee

Re: Privilege exec command for remote scp?

There is no way to do this with local authorization. However, this can be accomplished using an external ACS server.
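
A pull-based version of what the original question asks for, built around the scp command from the first reply and adding the timestamps mentioned later in the thread. This is an added example, not code from any poster; the variable names, the directory layout, the script name and the use of key-based login (BatchMode) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pull startup-config from each device
# with the scp command shown above and keep timestamped, owner-only copies.
# Assumed names: BACKUP_USER, BACKUP_DIR, SCP, SCP_OPTS and the directory layout.
BACKUP_USER="${BACKUP_USER:-backup}"
BACKUP_DIR="${BACKUP_DIR:-/path/to/backup}"
SCP="${SCP:-scp}"
# e.g. -O if the device only speaks legacy SCP (OpenSSH 9.0+ defaults to SFTP)
SCP_OPTS="${SCP_OPTS:-}"

# Destination file: <dir>/<host>/startup-config-<UTC timestamp>
backup_path() {
    printf '%s/%s/startup-config-%s\n' "$BACKUP_DIR" "$1" "$2"
}

# Copy one device's startup-config. The file is written as *.part and only
# renamed when scp succeeded and the result is non-empty.
backup_device() {
    host=$1
    stamp=$2
    dest=$(backup_path "$host" "$stamp")
    # umask 077: configs hold password hashes and keys, so owner-only access.
    ( umask 077 && mkdir -p "$(dirname "$dest")" ) || return 1
    # BatchMode=yes never prompts, so this assumes key-based login is set up.
    if ( umask 077 && "$SCP" -q -o BatchMode=yes $SCP_OPTS \
            "$BACKUP_USER@$host:nvram:/startup-config" "$dest.part" ) \
        && [ -s "$dest.part" ]; then
        mv "$dest.part" "$dest"
    else
        rm -f "$dest.part"
        return 1
    fi
}

# Back up every host given as an argument; non-zero status if any failed.
backup_all() {
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    failed=0
    for host in "$@"; do
        if ! backup_device "$host" "$stamp"; then
            echo "backup failed: $host" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Example invocation (hypothetical script name): sh pull-configs.sh 10.1.1.1 10.1.1.2
backup_all "$@"
```

The script works the same whichever privilege model the backup account ends up with; it only changes how the copies are named and stored on the receiving side.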
