Keith O'Brien Blog - Information and Cyber Security
  • Blog
  • Resume
  • Security Resources

Using SCP Secure Copy with Cisco Routers

2/7/2012

 
Traditionally installing and uploading images on Cisco router has been done with TFTP.    As the IOS images have grown larger and larger some TFTP servers have problems with supporting these large file sizes.    Secure Copy - scp can be used in place of TFTP to interact with the IOS file system.    This eliminates many of the problems related to TFTP with the added benefit of security.   Below is an IOS config snippet for making this work:
 

! AAA authentication and authorization must be configured properly for SCP to work.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! Set your login credentials as appropriate
username user privilege 15 password 0 securepass
! SSH must be configured and functioning properly.
ip ssh time-out 120
ip ssh authentication-retries 3
ip scp server enable



At this point you can use any scp client to interact with the IOS filesystem.    So for example on a Unix-like filesystem:


scp -2 ./c2800nm-adventerprisek9-mz.151-2.T1.bin \
[email protected]:/c2800nm-adventerprisek9-mz.151-2.T1.bin



The above will copy the image to the flash filesystem on router 10.1.1.1.    The -2 option forces SCP to use version #2

    RSS Feed

    Categories

    All
    Asa
    Cisco
    Cloud
    Google GCP
    Ipv6
    Network Management
    Nmap
    Os X
    Reconnaissance
    Security
    Vpn

Powered by Create your own unique website with customizable templates.
  • Blog
  • Resume
  • Security Resources