Cisco Support Community

New Member

scp from device to unix server

Hello,

We have configured our devices with an alias to copy the running-config to a TFTP server. See example:

copy running-config tftp://SERVER/CISCO/router/rou1-confg.

This works without problems. But we want to use scp. Can we create an alias for scp which includes the username and password?

When I try to do a

copy running-config scp: it asks me for the IP address, username and filename. When I give them all, it asks for the password and then copies the file to the server, but then it takes about one minute until the prompt comes back. Why does it hang after the file is successfully copied? From UNIX systems to the server, it works without hanging.

11 REPLIES
Cisco Employee

Re: scp from device to unix server

The SCP hang problem is due to a bug, CSCsm57122.

You can create an alias with the username and password, but this is a security risk. To do it, use:

copy runn scp://username:password@SERVER...
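
An added example, not part of the reply above and not Cisco tooling: a Python check that scans saved configuration text for copy URLs carrying an inline password, as in the alias form just shown, and reports each hit with the secret masked. The alias names, the `backup` user and the password in the sample are constructed.

```python
import re

# A copy URL whose userinfo part carries a password, e.g. scp://user:secret@host/path.
# The password group is greedy up to the last "@" before the path, so a
# password that itself contains "@" is still captured (and redacted) whole.
CRED_URL = re.compile(
    r"\b(?P<scheme>scp|sftp|ftp|https?)://"
    r"(?P<user>[^:/@\s]+):(?P<password>[^/\s]+)@(?P<host>[^/\s:@]+)",
    re.IGNORECASE,
)


def _redact(match):
    """Rebuild the URL prefix without the secret."""
    return f"{match.group('scheme')}://{match.group('user')}:<redacted>@{match.group('host')}"


def find_embedded_credentials(config_text):
    """Return one finding per URL in the config that embeds a password."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for match in CRED_URL.finditer(line):
            findings.append({
                "line": lineno,
                "in_alias": line.lstrip().startswith("alias "),
                "user": match.group("user"),
                "host": match.group("host"),
                # Report the line with the secret masked, never the secret itself.
                "redacted": CRED_URL.sub(_redact, line).strip(),
            })
    return findings


# Constructed sample: alias names, user "backup" and the password are made up.
SAMPLE_CONFIG = """\
hostname rou1
alias exec savetftp copy running-config tftp://SERVER/CISCO/router/rou1-confg
alias exec savescp copy running-config scp://backup:S3cret!@SERVER/CISCO/router/rou1-confg
ip scp server enable
file prompt quiet
"""

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_CONFIG):
        print(f"line {finding['line']}: {finding['redacted']}")
```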

New Member

Re: scp from device to unix server

What is the preferred method to save the running-config to a server, or to load a new software image from a server to the device? Can I use an authentication key, and if so, what are the steps for doing this?

Cisco Employee

Re: scp from device to unix server

Typically, customers use an external NMS to pull the configs from devices. For example, CiscoWorks LMS can capture configs using TFTP, SCP, SSH, Telnet, etc. It stores the credentials locally in encrypted text in its database.

There are other, open source tools which can do the same thing. For example, you can use Rancid (http://www.shrubbery.net/rancid/), or ciscoconf (http://software.automagic.org/ciscoconf/) to download and store Cisco device configurations.

New Member

Re: scp from device to unix server

Is it possible to copy with scp and one command line like scp user:password@switch:/config.txt to a server? I mean, can I start the command on a UNIX server to copy the config file to the server?

Cisco Employee

Re: scp from device to unix server

Yes, you can use this one command on IOS to do the copy. If you want to eliminate all prompts, you can also configure "file prompt quiet" in global mode.

You can also run an SCP server on the device with the command ip scp server enable. Once that is configured, you can initiate the SCP transfer from a UNIX host.

New Member

Re: scp from device to unix server

Is it possible to work with a public key? I mean, can I copy the public key from the server to the device, so that I need no password when I log on? If it is possible, what must I do to copy the key to the device?

Cisco Employee

Re: scp from device to unix server

This is not possible. Public key support is not currently planned for IOS.

New Member

Re: scp from device to unix server

I have configured the SSH server on the device, and I can copy the file to my UNIX server, but the problem is that when I start scp user@DEVICE:/config.txt /scp/device.txt, I always have to type the password. Do you have an idea how to suppress this? It would be nice to give the password on the command line like scp user:password@device, but this is not allowed.

Silver

Re: scp from device to unix server

Let me throw in my 2c on this:

This is the reason why Cisco is YEARS behind vendors such as Checkpoint, Juniper and Nokia in terms of security. Yes, scp is very secure, but in terms of Cisco you have to use password authentication. If you have to put a password in the script, you just defeat the purpose of strong security.

Other vendors support public/private key authentication. If you need additional security, you can apply a passphrase for additional security. I don't see any reasons Cisco does not do this.

CCIE Security

Cisco Employee

Re: scp from device to unix server

This isn't the first request I've personally heard for public key support; and I don't typically support security issues. All the internal conversations on this I have found point to this feature not being implemented. Therefore, I highly encourage people who want it to talk to their account teams to build business cases for it by filing PERS requests. If enough documented customers get behind this, it will happen.

Cisco Employee

Re: scp from device to unix server

For this, you would need to use Expect or some other scripting language to provide the credentials.
