On my routers I have enabled SSH, which works just fine.
However making use of the enabled secure copy server with
ip scp server enable
seems a bit diffcult to me.
The scp server seems to run on the router, however I'm missing a tool to access it. Both, WinScp on Windows and scp on Linux fails to connect.
Any hints on how to get this to work?
I like to use scripts to automate updating and getting the inventory of my devices, as well as debugging on a bulk of routers at once. For this purpose I'd like to use SSH, because of the needed confidentiality. However, I hate to always have to specify username and password for every single session. Is there a way to exchange keys and signatures, so the session can be established automagically?
Currently I'm working with PuTTY's plink on Windows, because it has the feature to specify the password with a command line switch. However, I don't like to save passwords in my scripts.
think since ssh is working and scp is not, in order to avoid fragmentation issues, you can try to set the mss to 1300 and clear the df bit (replace with the internal interface of each router and set the right ip address for the client/server). For example, on the spoke:
access-list 199 permit ip host host
route-map DF_CLEAR permit 10
match address 199
set ip df 0
ip policy route-map DF_CLEAR
ip tcp adjust-mss 1300
I dont think there is a way to exchange keys and signature so that SSH session can be established automatically.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...