Monday, June 20, 2011

A great way to copy files on cisco routers without FTP

So some of the readers of this blog might already know this little trick, and what's more some of you might be surprised I didn't know about this until recently! Again props to Alastair my coworker, he has given me some great tips so far!

We are going to use a putty program to copy a file to our flash (could be an IOS or whatever you like really) without having to use FTP, simply over SSH, this is super useful for those times when:

1. You don't have an FTP server handy
2. Your behind NAT so you can't just start an FTP server
3. Your behind a restrictive firewall

How do? Easy,

First, go to putty and download this:

Go to "PSCP.exe" and download it.

My recommendation is to put it in c:\windows\system32\ or somewhere else in your path, by doing this you can use when your in the command line at any path (it is a command line app)

Ok, next we need to add this simple command to your router:

PeterCCIE18371(config)#ip scp server enable

THE above command is the KEY command guys

Also, you will need to have aaa new-model enabled (you don't already? why not?) and make sure your AAA authorization network is OK, so for example:

aaa authorization network

You will also need to have SSH enabled, so make sure you have something like this under your VTY Lines:

line vty 0 15
exec-timeout 800 0
transport input telnet ssh

and make sure you have a crypto key generated

crypto key generate RSA modulus 1024

now with all that done, let's actually try a copy

go to a dos prompt and check this out:

Using keyboard-interactive authentication.
FILE.CSV | 0 kB | 0.7 kB/s | ETA: 00:00:00 | 100%

replace HOSTNAMEORIPHERE with your IP address and you will see how it all works.

So there you have it! easy way to copy without FTP! Great isn't it!



  1. aaa authorization exec default local
    is sometimes needed as well guys

  2. Hi,
    SCP port has to be enabled right. I mean i cud only telnet, ssh / snmp. Based out in india. Provdng managed service. Remotly ttshotng d device. Any other wy. i am preferably looking for Nexus switch.

  3. Can we backup Running-Config & Startup-config with this ?
    How is it work ?

    1. Just try :-)

      C:\> pscp.exe -scp admin@ c:\somepath\running-config.txt
      Using keyboard-interactive authentication.
      Password: *********
      running-config.txt | 16 kB | 16.6 kB/s | ETA: 00:00:00 | 100%
      Fatal: Received unexpected end-of-file from server

      Don't be alarmed by the "unexpected end-of-file from server"; I've been getting that error whenever i up- or downloaded a file from an IOS device with "ip scp server enabled" - I usually check MD5 checksums of IOS images transferred this way, and I never got an error.

      user@host:/running-config will not work,
      user@host:running-config will work
      user@host:startup-config works,too.

      hope that helps

  4. Good job Peter and thanks for the detailed info. For those of you who can already login to the device using ssh, here's a shorter version of the same thing:

    - RouterOrSwitch(config)#ip scp server enable

    - C:\Temp>pscp -scp FILE.CSV admin@HOSTNAMEORIPHERE:FILE.CSV1


  5. Hey hi,
    Can i use PSCP for copying a file from linux to cisco router in flash.
    If we can, can you help me out. How can i do that ?

    Thanks in advance.

  6. Tried this, but keep getting connection refused:C:\>pscp -scp "C:\Users\jgrant\Desktop\HSEC\isr4300-universalk9.03.16.01a.S.155
    -3.S1a-ext.SPA.bin" admin@\isr4300-universalk9.03.16.01a.S.155-3.S1
    Fatal: Network error: Connection refused

    1. If I adjust commands a little, and add a user ID and password, I get this:Access denied
      Using keyboard-interactive authentication.
      Access denied
      Using keyboard-interactive authentication.