The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To enable the router to securely copy files from a remote workstation, use the ip scp server enable command in global configuration mode. To disable secure copy functionality (the default), use the no form of this command.
ip scp server enable
no ip scp server enable
This command has no arguments or keywords.
The secure copy function is disabled.
Global configuration
Release |
Modification |
---|---|
12.2(2)T |
This command was introduced. |
12.0(21)S |
This command was integrated into Cisco IOS Release 12.0(21)S and support for the Cisco 7500 series and Cisco 12000 series routers was added. |
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
12.2(25)S |
This command was integrated into Cisco IOS Release 12.2(15)S. |
12.2(33)SRA |
This command was integrated into Cisco IOS release 12.(33)SRA. |
Use this command to enable secure copying of files from systems using the Secure Shell (SSH) application. This secure copy function is accomplished by an addition to the copy command in the Cisco IOS software, which takes care of using the secure copy protocol (scp) to copy to and from a router while logged in to the router itself. Because copying files is generally a restricted operation in the Cisco IOS software, a user attempting to copy such files needs to be at the correct enable level.
The Cisco IOS software must also allow files to be copied to or from itself from a remote workstation running the SSH application (which is supported by both the Microsoft Windows and UNIX operating systems). To get this information, the Cisco IOS software must have authentication and authorization configured in the authentication, authorization, and accounting (AAA) feature. SSH already relies on AAA authentication to authenticate the user username and password. Scp adds the requirement that AAA authorization be turned on so that the operating system can determine whether or not the user is at the correct privilege level.
The following example shows a typical configuration that allows the router to securely copy files from a remote workstation. Because scp relies on AAA authentication and authorization to function properly, AAA must be configured.
aaa new-model aaa authentication login default tac-group tacacs+ aaa authorization exec default local username user1 privilege 15 password 0 lab ip scp server enable
The following example shows how to use scp to copy a system image from Flash memory to a server that supports SSH:
Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/ Address or name of remote host [host1]? Destination username [user1]? Destination filename [c4500-ik2s-mz.scp]? Writing c4500-ik2s-mz.scp Password: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Note | When using scp, you cannot enter the password into the copy command; enter the password when prompted. |
Command |
Description |
---|---|
aaa authentication login |
Sets AAA authentication at login. |
aaa authorization |
Sets parameters that restrict user access to a network. |
copy |
Copies any file from a source to a destination. |
debug ip scp |
Troubleshoots scp authentication problems. |
ip ssh port |
Enables secure network access to the tty lines. |
username |
Establishes a username-based authentication system. |