Monday, June 20, 2011

A great way to copy files on cisco routers without FTP

So some of the readers of this blog might already know this little trick, and what's more some of you might be surprised I didn't know about this until recently! Again props to Alastair my coworker, he has given me some great tips so far!

We are going to use a putty program to copy a file to our flash (could be an IOS or whatever you like really) without having to use FTP, simply over SSH, this is super useful for those times when:

1. You don't have an FTP server handy
2. Your behind NAT so you can't just start an FTP server
3. Your behind a restrictive firewall

How do? Easy,

First, go to putty and download this:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Go to "PSCP.exe" and download it.

My recommendation is to put it in c:\windows\system32\ or somewhere else in your path, by doing this you can use when your in the command line at any path (it is a command line app)


Ok, next we need to add this simple command to your router:


PeterCCIE18371(config)#ip scp server enable


THE above command is the KEY command guys

Also, you will need to have aaa new-model enabled (you don't already? why not?) and make sure your AAA authorization network is OK, so for example:

aaa authorization network

You will also need to have SSH enabled, so make sure you have something like this under your VTY Lines:

line vty 0 15
exec-timeout 800 0
transport input telnet ssh
!

and make sure you have a crypto key generated

crypto key generate RSA modulus 1024


now with all that done, let's actually try a copy

go to a dos prompt and check this out:




C:\Temp>pscp -scp FILE.CSV admin@HOSTNAMEORIPHERE:FILE.CSV1
Using keyboard-interactive authentication.
Password:
FILE.CSV | 0 kB | 0.7 kB/s | ETA: 00:00:00 | 100%

replace HOSTNAMEORIPHERE with your IP address and you will see how it all works.

So there you have it! easy way to copy without FTP! Great isn't it!

Cheers
Pete






14 comments:

  1. aaa authorization exec default local
    is sometimes needed as well guys

    ReplyDelete
  2. Hi,
    SCP port has to be enabled right. I mean i cud only telnet, ssh / snmp. Based out in india. Provdng managed service. Remotly ttshotng d device. Any other wy. i am preferably looking for Nexus switch.

    ReplyDelete
  3. Can we backup Running-Config & Startup-config with this ?
    How is it work ?

    ReplyDelete
    Replies
    1. Just try :-)

      C:\> pscp.exe -scp admin@172.19.20.101:running-config c:\somepath\running-config.txt
      Using keyboard-interactive authentication.
      Password: *********
      running-config.txt | 16 kB | 16.6 kB/s | ETA: 00:00:00 | 100%
      Fatal: Received unexpected end-of-file from server

      Don't be alarmed by the "unexpected end-of-file from server"; I've been getting that error whenever i up- or downloaded a file from an IOS device with "ip scp server enabled" - I usually check MD5 checksums of IOS images transferred this way, and I never got an error.

      Note:
      user@host:/running-config will not work,
      user@host:running-config will work
      user@host:startup-config works,too.

      hope that helps
      Marc

      Delete
    2. I couldn't get this to work until I used a \ on the end;

      pscp -scp C:\xyz\file.bin me@router:\

      every other combination resulted in "Fatal: Received unexpected end-of-file from server"

      Delete
  4. Good job Peter and thanks for the detailed info. For those of you who can already login to the device using ssh, here's a shorter version of the same thing:

    - RouterOrSwitch(config)#ip scp server enable

    - C:\Temp>pscp -scp FILE.CSV admin@HOSTNAMEORIPHERE:FILE.CSV1

    Thanks,
    Roy.

    ReplyDelete
  5. Hey hi,
    Can i use PSCP for copying a file from linux to cisco router in flash.
    If we can, can you help me out. How can i do that ?

    Thanks in advance.

    ReplyDelete
  6. Tried this, but keep getting connection refused:C:\>pscp -scp "C:\Users\jgrant\Desktop\HSEC\isr4300-universalk9.03.16.01a.S.155
    -3.S1a-ext.SPA.bin" admin@10.16.11.110:\isr4300-universalk9.03.16.01a.S.155-3.S1
    a-ext.SPA.bin
    Fatal: Network error: Connection refused

    ReplyDelete
    Replies
    1. If I adjust commands a little, and add a user ID and password, I get this:Access denied
      Using keyboard-interactive authentication.
      password:
      Access denied
      Using keyboard-interactive authentication.
      password:

      Delete
  7. Cách điều trị đau bao tử hiệu quả nhanh , cùng xem cách chữa loét hành tá tràng , triệu chứng viêm amidan , Hỏi đáp bệnh amidan hốc mủ cấp tính ,Dân gian thuốc chữa mề đay nổi đỏ , thuoc chua benh gan nhiem mo , đặc trị bệnh viêm phế quản phổi hiệu quả , Mẹo hay chua ho hieu qua thế nào ,Thời tiết bệnh viêm mũi dị ứng ,xông mũi chữa viêm xoang mãn tính dịch mủ, Thuốc dân gian chữa đau dạ dày cấp tính , bệnh trào ngược thực quản phổ biến ,Làm sao chữa trao nguoc da day thuc quan bằng đông y

    ReplyDelete
  8. Thảo mộc tri rung toc nam nữ , phụ nữ mang thai mắc rối loạn kinh nguyệt có nguy hiểm không , mỏi xương khớp benh thoai hoa dot song co có chữa được không ,cách làm giảm bớt đau dạ dày tại nhà . công trình nghiên cứ cách chua viem gan b , bệnh viêm amidan thế nào để chữa bệnh viêm amidan , Cắt viêm amidan hốc mủ khó chịu , Bài thuốc chữa viêm đại tràng mãn tính . làm gì để kiêng bệnh đau dạ dày ăn gì cho nhanh khỏi . Khám phá ttriệu chứng bệnh đau dạ dày thế nào. đau rát viêm họng mãn tính chữa ra sao , Các mẹ cùng chua viem amidan o tre em đơn giản , chảy máu sau cắt viêm amidan kiêng ăn gì .
    Hạt đậu rồng chữa bệnh dạ dày .
    Những triệu chứng bệnh viêm xoang .
    Đông tây y hay thuốc dân gian chữa bệnh dạ dày tất cả đều hiệu quả . Mẩn ngứa mề đay ở người lớn và còn sảy ra benh me day o tre em nữa .

    ReplyDelete