On Cisco network equipment you can enable SCP and use it instead of TFTP for most file transfers. This has the advantage of not having to set up a TFTP server on your computer, and the file transfers are encrypted. Encryption should (must?) be used if you are copying files over an insecure link like the Internet.
On Windows you can use the PuTTY companion program pscp. You can download pscp here: PSCP.
Configuration
SSH must be enabled, together with either "aaa new-model" with exec authorization or a local username/password with privilege level 15. In other words, when you log in over SSH, you must end up at a # prompt. See the Cisco Support forum article "Privilege Denied message" in the Reference section below if you get a Privilege denied message.
aaa authentication login default local
aaa authorization exec default local
ip scp server enable
For this example:
Cisco device IP - 192.168.10.100
Username - cisco
Password - cisco1
My workstation - 192.168.10.50
Copy files from flash:
pscp -scp -pw cisco1 cisco@192.168.10.100:flash:test.pcap test.pcap
test.pcap | 30 kB | 30.6 kB/s | ETA: 00:00:00 | 100%
Copy files to flash:
pscp -scp -pw cisco1 C:\tftp-root\firmware.bin cisco@192.168.10.100:flash:firmware.bin
Using the Archive command with SCP
The free SolarWinds SFTP/SCP server can be used on Windows as an SCP server. Once you have downloaded and installed the server, use this syntax on the network device:
archive download-sw scp://email@example.com/c3750-ipbaselmk9-tar.122-55.SE10.tar
On the server you will see the authentication and then the file transfer.
On Mac or Linux
SCP is built into Mac OSX and most Linux/Unix distributions.
To copy a file from the network device to the host the syntax is:
scp user@host:flash:filename filename
Note: Make sure you have permission to save files in the directory you run the command from. If not, you will see “Operation not supported”.
Here’s an example:
1s1k:~ mhubbard$ scp firstname.lastname@example.org:flash:config.text config.text
config.text 100% 7267 7.1KB/s 00:00
To copy a file from the host to the network device the syntax is:
scp file user@host:flash:file
Here’s an example:
1s1k:~ mhubbard$ scp a.txt email@example.com:flash:a.txt
a.txt 100% 7267 7.1KB/s 00:00
Copy files to flash from the network device
In this example the file is in my Downloads folder so the absolute path is /home/mhubbard/Downloads.
copy scp://firstname.lastname@example.org//home/mhubbard/Downloads/cat3k_caa-universalk9.SPA.03.06.06.E.152-2.E6.bin flash:
NOTE: there are two slashes (//) after the IP address, followed by the full path to the file.
Using a Password with an @ Symbol
Just like an SNMP Community string can't contain an @ symbol, neither can the password used for SCP. Here is an example:
C:\TFTP-Root>pscp -scp -pw b@w0rk@7 c:\tftp-root\nxos.7.0.3.I2.2d.bin email@example.com:flash:nxos.7.0.3.I2.2d.bin
PuTTY Secure Copy client
'w0rk@7' is not recognized as an internal or external command, operable program or batch file.
Notice that it took the "b" then terminated on the @ symbol and returned the rest of the password as an error. The user was doing the copy with WinSCP and it popped up a dialog saying it received invalid data.
I switched to Putty SCP and it was immediately clear what the problem was. I created a new user with a valid password and the SCP transfer succeeded:
C:\TFTP-Root>pscp -scp -pw 9x3kaqq! c:\tftp-root\nxos.7.0.3.I2.2d.bin firstname.lastname@example.org:flash:nxos.7.0.3.I2.2d.bin
nxos.7.0.3.I2.2d.bin | 315980 kB | 381.2 kB/s |
Troubleshooting
OpenSSH dropped support for SSH V1 in mid 2017. I recently went to scp a file to a 3850 switch and received this on the switch (ip 10.42.250.40):
%Error opening scp://*@10.42.52.172/cat3k_caa-universalk9.16.03.07.SPA.bin (Undefined error)
On the laptop I ran:
systemctl status sshd
ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-12-12 21:31:56 PST; 21h ago
Process: 19309 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 19305 ExecReload=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 2184 (sshd)
Tasks: 1 (limit: 4915)
└─2184 /usr/sbin/sshd -D
Dec 13 18:46:11 1S1K-G5-5587 sshd: Protocol major versions differ for 10.40.250.40 port 23825: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-
I remembered that support for SSH V1 had been dropped. I ran
ip ssh ver 2
on the switch and it resolved the issue.
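As an added example (not part of the original post), the shell functions below pull the peer address and identification string out of sshd "Protocol major versions differ" log lines and classify each peer by the SSH versions its banner advertises, using the RFC 4253 convention that SSH-1.99 means both versions. The log lines, the 192.0.2.x addresses, the banner strings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All sample data is constructed.

# Classify an SSH identification string (RFC 4253 version exchange):
#   SSH-2.0-*  -> protocol 2 only
#   SSH-1.99-* -> protocol 2 with protocol 1 compatibility
#   SSH-1.*    -> protocol 1 only (rejected by current OpenSSH)
classify_ssh_ident() {
    case "$1" in
        SSH-2.0-*)  echo "v2" ;;
        SSH-1.99-*) echo "v1+v2" ;;
        SSH-1.*)    echo "v1-only" ;;
        *)          echo "unknown" ;;   # truncated or malformed banner
    esac
}

# Read sshd log lines on stdin and print "peer-ip peer-ident class" for every
# "Protocol major versions differ" entry; other log lines are ignored.
find_version_mismatches() {
    sed -n 's/.*Protocol major versions differ for \([^ ]*\) port [0-9]*: .* vs\. \(SSH-[^ ]*\).*/\1 \2/p' |
    while read -r ip ident; do
        printf '%s %s %s\n' "$ip" "$ident" "$(classify_ssh_ident "$ident")"
    done
}

# Constructed sample log: one v1-only peer, one unrelated line, and one entry
# whose peer banner is cut off after "SSH-".
SAMPLE_LOG='Dec 13 18:46:11 host1 sshd[2184]: Protocol major versions differ for 192.0.2.40 port 23825: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-1.5-Cisco-1.25
Dec 13 18:47:02 host1 sshd[2184]: Accepted password for admin from 192.0.2.41 port 40112 ssh2
Dec 13 18:48:30 host1 sshd[2184]: Protocol major versions differ for 192.0.2.42 port 51000: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1 vs. SSH-'

# Peers reported as v1-only are the ones that need "ip ssh ver 2" as above.
printf '%s\n' "$SAMPLE_LOG" | find_version_mismatches
```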
Reference
SCP Copy - Cisco Support Forums
Privilege denied message