The Secure Copy Protocol (SCP) feature provides a secure and authenticated method for copying switch configurations or switch
image files. SCP relies on Secure Shell (SSH), an application and a protocol that provides a secure replacement for the Berkeley
The behavior of Secure Copy (SCP) is similar to that of remote copy (RCP), which comes from the Berkeley r-tools suite (Berkeley
university’s own set of networking applications), except that SCP relies on Secure Shell (SSH) for security. In addition,
SCP requires that authentication, authorization, and accounting (AAA) authorization be configured so that the device can determine
whether the user has the correct privilege level.
SCP allows a user only with a privilege level of 15 to copy any file that exists in the Cisco IOS File System (IFS) to and
from a device by using the copy command. An authorized administrator may also perform this action from a workstation.
Enable the SCP option while using the pscp.exe file.
For SSH to work, the switch needs an RSA public/private key pair. This is the same with SCP, which relies on SSH for its secure
Because SSH also relies on AAA authentication, and SCP relies further on AAA authorization, correct configuration is necessary.
Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the switch.
Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and Adelman (RSA) key pair.