ip inspect through ip security strip
ip scp server enable
To enable the router to securely copy files from a remote workstation, use the ip scp server enable command in global configuration mode. To disable secure copy functionality (the default), use the no form of this command.
ip scp server enable
no ip scp server enable
Syntax Description
This command has no arguments or keywords.
Command Default
The secure copy function is disabled.
Command Modes
Global configuration
Command History
|
Release |
Modification |
|---|---|
|
12.2(2)T |
This command was introduced. |
|
12.0(21)S |
This command was integrated into Cisco IOS Release 12.0(21)S and support for the Cisco 7500 series and Cisco 12000 series routers was added. |
|
12.2(18)SXD |
This command was integrated into Cisco IOS Release 12.2(18)SXD. |
|
12.2(25)S |
This command was integrated into Cisco IOS Release 12.2(15)S. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS release 12.(33)SRA. |
Usage Guidelines
Use this command to enable secure copying of files from systems using the Secure Shell (SSH) application. This secure copy function is accomplished by an addition to the copy command in the Cisco IOS software, which takes care of using the secure copy protocol (scp) to copy to and from a router while logged in to the router itself. Because copying files is generally a restricted operation in the Cisco IOS software, a user attempting to copy such files needs to be at the correct enable level.
The Cisco IOS software must also allow files to be copied to or from itself from a remote workstation running the SSH application (which is supported by both the Microsoft Windows and UNIX operating systems). To get this information, the Cisco IOS software must have authentication and authorization configured in the authentication, authorization, and accounting (AAA) feature. SSH already relies on AAA authentication to authenticate the user username and password. Scp adds the requirement that AAA authorization be turned on so that the operating system can determine whether or not the user is at the correct privilege level.
Examples
The following example shows a typical configuration that allows the router to securely copy files from a remote workstation. Because scp relies on AAA authentication and authorization to function properly, AAA must be configured.
aaa new-model aaa authentication login default tac-group tacacs+ aaa authorization exec default local username user1 privilege 15 password 0 lab ip scp server enable
The following example shows how to use scp to copy a system image from Flash memory to a server that supports SSH:
Router# copy flash:c4500-ik2s-mz.scp scp://user1@host1/ Address or name of remote host [host1]? Destination username [user1]? Destination filename [c4500-ik2s-mz.scp]? Writing c4500-ik2s-mz.scp Password: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 Note | When using scp, you cannot enter the password into the copy command; enter the password when prompted. |
Related Commands
|
Command |
Description |
|---|---|
|
aaa authentication login |
Sets AAA authentication at login. |
|
aaa authorization |
Sets parameters that restrict user access to a network. |
|
copy |
Copies any file from a source to a destination. |
|
debug ip scp |
Troubleshoots scp authentication problems. |
|
ip ssh port |
Enables secure network access to the tty lines. |
|
username |
Establishes a username-based authentication system. |
Feedback