Table Of Contents
CISCO-CONFIG-COPY-MIB: Secure Copy Support
Information About CISCO-CONFIG-COPY-MIB Secure Copy Support
CISCO-CONFIG-COPY-MIB Secure Copy Implementation
Cisco IOS Software Secure Copy Support
How to Use Secure Copy Support
Configuration Examples for Secure Copy Support
Secure Copy Support Configuration and File Copy Example
CISCO-CONFIG-COPY-MIB: Secure Copy Support
The CISCO-CONFIG-COPY-MIB: Secure Copy Support feature enhances the CISCO-CONFIG-COPY-MIB by adding support for the copy Cisco IOS EXEC command, and implementing file transfers between a router and server using the secure copy protocol (scp).
Feature Specifications for CISCO-CONFIG-COPY-MIB: Secure Copy Support
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•Information About CISCO-CONFIG-COPY-MIB Secure Copy Support
•How to Use Secure Copy Support
•Configuration Examples for Secure Copy Support
Information About CISCO-CONFIG-COPY-MIB Secure Copy Support
To use the CISCO-CONFIG-COPY-MIB: Secure Copy Support features, you need to understand the following concepts:
•CISCO-CONFIG-COPY-MIB Secure Copy Implementation
•Cisco IOS Software Secure Copy Support
CISCO-CONFIG-COPY-MIB Secure Copy Implementation
The CISCO-CONFIG-COPY-MIB has been enhanced to support the scp copy utility.
CISCO-CONFIG-COPY-MIB is platform-independent and provides objects to allow the copy functionality. For example, there are objects that provide the status of a copy operation and the reason for failure, if any.
This feature provides network management software with the ability to copy running and startup configuration files from a Cisco router that supports scp.
Use the SNMP Object Navigator tool in the Cisco MIB Locator at this web location, http://tools.cisco.com/ITDIT/MIBS/servlet/index, to view the CISCO-CONFIG-COPY-MIB.
Cisco IOS Software Secure Copy Support
The Cisco IOS software has had the ability to copy files such as the startup configuration and router images to and from routers using copy protocols such as rcp from the Berkeley r-tools suite. Recently, the Cisco IOS software began supporting Secure Shell (SSH), a more secure replacement for the Berkeley r-tool suite; however, scp functionality was not included. Cisco customers are becoming increasingly aware of security issues and have routers that they need to manage securely. In addition to the file copy enhancements added to the CISCO-CONFIG-COPY-MIB in the Cisco IOS Release 12.3(2)T, the scp: function has been added to the Cisco IOS copy EXEC command, to allow the secure and authenticated copying of router configurations and router images.
How to Use Secure Copy Support
This section contains the following task:
•Using Secure Copy Support (required for secure file transfers)
Using Secure Copy Support
Using the secure copy support available in Cisco IOS Release 12.3(2) requires that the following configurations be done first:
•Configure a Cisco router for SCP server-side functionality. Refer to the Secure Copy feature module for the configuration tasks.
•If required, configure SSH terminal-line access. Refer to the SSH Terminal-Line Access feature module for the configuration tasks.
This task transfers files between a router and server using scp:
SUMMARY STEPS
1. enable
2. copy flash:destination-filename scp://username@{location | /directory | /filename}
DETAILED STEPS
Configuration Examples for Secure Copy Support
This section contains the following example:
•Secure Copy Support Configuration and File Copy Example
Secure Copy Support Configuration and File Copy Example
The following example shows a typical configuration that allows the router to securely copy files from a remote workstation. Because SCP relies on authentication, authorization, and accounting (AAA) authentication and authorization to function properly, AAA must be configured.
aaa new-modelaaa authentication login default tac-group tacacs+aaa authorization exec default localusername user1 privilege 15 password 0 labip scp server enableThe following example shows how to use scp to copy a system image from Flash memory to a server that supports SSH:
Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/Address or name of remote host [host1]?Destination username [user1]?Destination filename [c4500-ik2s-mz.scp]?Writing c4500-ik2s-mz.scpPassword:!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Note When using scp, you cannot enter the password into the copy EXEC command; enter the password when prompted.
Additional References
For additional information related to the CISCO-CONFIG-COPY-MIB: Secure Copy Support feature, see the following sections:
•MIBs
•RFCs
Related Documents
Related Topic Document TitleSecure Copy Protocol
Configuring SSH on a Cisco router
Cisco IOS file copy procedures
"Loading and Maintaining System Images" chapter in the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide.
Standards
MIBs
MIBs MIBs Link•CISCO-CONFIG-COPY-MIB
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
RFCs TitleSecure Shell
Network Working Group Internet-Draft "SSH Connection Protocol," which can be obtained from the following URL:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-secsh-connect-16.txt
Technical Assistance
Command Reference
The following commands are introduced or modified in the feature or features
•copy
•ip scp server enable
For information about these commands, see the Cisco IOS Security Command Reference at
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_book.html.
For information about all Cisco IOS commands, see the Command Lookup Tool at
http://tools.cisco.com/Support/CLILookup or the Master Command List.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.