Installation and Setup Guide for Resource Manager Essentials 4.0.5 on Windows (With LMS 2.6)
Appendix C: Information About Secure Copy
Download this chapter
Appendix C: Information About Secure CopyAppendix C: Information About Secure Copy
Download the complete book
Resource Manager Essentials 4.0.5 on Windows Install Guide PDFResource Manager Essentials 4.0.5 on Windows Install Guide PDF (PDF - 3 MB)
give_us_feedback

Table Of Contents

Information About Secure Copy

How SCP Works

How to Configure SCP

Configuring SCP

Verifying SCP

Troubleshooting SCP


Information About Secure Copy

To configure Secure Copy feature, you should understand the following concepts.

How SCP Works

How to Configure SCP

How SCP Works

The behavior of SCP is similar to that of remote copy (rcp), which comes from the Berkeley r-tools suite, except that SCP relies on SSH for security. In addition, SCP requires that authentication, authorization, and accounting (AAA) authorization be configured so the router can determine whether the user has the correct privilege level.

SCP allows a user who has appropriate authorization to copy any file that exists in the Cisco IOS File System (IFS) to and from a router by using the copy command. An authorized administrator may also perform this action from a workstation.

How to Configure SCP

This section contains the following procedures:

Configuring SCP

Verifying SCP

Troubleshooting SCP

Configuring SCP

To enable and configure a Cisco router for SCP server-side functionality, perform the following:

Command
Purpose

enable

Example:

Router > enable

Enables privileged EXEC mode.

Enter your password if prompted.

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

aaa new-model

Example:

Router (config)# aaa new-model

Enables the AAA access control system.

aaa authentication login {default | list-name} method1 [method2...]

Example:

Router (config)# aaa authentication login default local

Sets AAA authentication at login.

aaa authentication enable {default | list-name} method1 [method2...]

Example:

Router (config)# aaa authentication enable default none

Sets AAA authentication at enable.

aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} [method1 [method2...]]

Example:

Router (config)# aaa authorization exec default local

Sets parameters that restrict user access to a network.

Note The exec keyword runs authorization to determine if the user is allowed to run an EXEC shell; therefore, you must use it when you configure SCP.

username name [privilege level] {password encryption-type encrypted-password}

Example:

Router (config)# username superuser privilege 15 password 0 superpassword

Establishes a username-based authentication system.

Note You may skip this step if a network-based authentication mechanism—such as TACACS+ or RADIUS—has been configured.

ip scp server enable

Example:

Router (config)# ip scp server enable

Enables SCP server-side functionality.


Verifying SCP

To verify SCP server-side functionality, perform the following:

Command or Action
Purpose

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

show running-config

Example:

Router# show running-config

Verifies the SCP server-side functionality.


Troubleshooting SCP

To troubleshoot SCP authentication problems, perform the following:

Command or Action
Purpose

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

debug ip scp

Example:

Router# debug ip scp

Troubleshoots SCP authentication problems.