Secure file transfer from the Router
| Feature Name | Release Information | Feature Description |
|---|---|---|
| Secure file transfer from the Router | Release 7.9.1 | Your routers are now enabled to transfer files securely to an archive server. This is possible because the copy command now supports SFTP (Secure File Transfer Protocol) and SCP (Secure Copy Protocol) using the underlying SSH protocol implementation. Secure transfer of files from the router maintains the integrity, confidentiality, and availability of network configurations. This feature modifies the copy command. |
You can duplicate files or data in the router from one location to another using the copy command. This functionality helps to create a copy of a file, folder, or data set and place it in a specific destination. You can use the copy functionality to back up files, move data between directories, or create duplicates of files for editing or distribution without modifying the original content. It also allows you to retain the original data while making a duplicate that you can further manipulate independently.
Starting with Cisco IOS XR Release 7.9.1, we’ve enhanced the functionality of the copy command to support secure file transfer from the router. Secure file transfer protects data in transit using SFTP (Secure File Transfer Protocol) and SCP (Secure Copy Protocol) when sharing files within or across networks. The SFTP and SCP functionalities in the copy feature use the SSH protocol implementation in the router to securely transfer the files to a remote server.
You can use the following options in the copy command for secure file transfer:
- sftp: You can transfer the files to a remote location using the SFTP file transfer protocol. SFTP is a secure file transfer protocol for transferring large files.
- scp: You can transfer the files to a remote location using the SCP file transfer protocol. SCP is a secure copy protocol to transfer files between servers.
Starting with Cisco IOS XR Software Release 7.10.1, you can use public-key authentication while copying the running configuration.
Configuration Example for SCP and SFTP Using Public-Key Authentication
When you use public-key authentication to copy the running configuration from the router to a remote server, you don't need to specify a password in the command. The following example shows how you can use public-key authentication while copying the configuration using the SCP protocol:
Router#copy running-config scp://root@192.0.4.2//var/opt/run_conf_scp.txt
Prerequisites for secure file transfer
Enable the SSH Server in the router:
Router# config
Router(config)# ssh server v2
Router(config)# ssh server vrf default
Router(config)# ssh server netconf vrf default
Router(config)# commit
Secure file transfer using SFTP
You can copy the running configuration file from the router to a remote server using SFTP as follows:
Router# copy running-config sftp://root:testpassword@192.0.2.1//var/opt/run_conf_sftp.txt
Destination file name (control-c to cancel): [/var/opt/run_conf_sftp.txt]?
.
215 lines built in 1 second
[OK]Connecting to 192.0.2.1...22
Password:
sftp> put /tmp/tmpsymlink/nvgen-34606-_proc_34606_fd_75 /var/opt/run_conf_sftp.txt
/tmp/tmpsymlink/nvgen-34606-_proc_34606_fd_75
Transferred 3271 Bytes
3271 bytes copied in 0 sec (3271000)bytes/sec
sftp> exit
Verification in the SFTP Server
[root@sftp_server ~]# ls -ltr /var/opt/run_conf_sftp.txt
-rw-r--r-- 1 root root 3271 Mar 21 18:07 /var/opt/run_conf_sftp.txt
Secure file transfer using SCP
You can copy the running configuration file from the router to a remote server using SFTP as follows:
Router# copy running-config sftp://root:testpassword@192.0.2.1//var/opt/run_conf_sftp.txt
Destination file name (control-c to cancel): [/var/opt/run_conf_sftp.txt]?
.
215 lines built in 1 second
[OK]Connecting to 192.0.2.1...22
Password:
sftp> put /tmp/tmpsymlink/nvgen-34606-_proc_34606_fd_75 /var/opt/run_conf_sftp.txt
/tmp/tmpsymlink/nvgen-34606-_proc_34606_fd_75
Transferred 3271 Bytes
3271 bytes copied in 0 sec (3271000)bytes/sec
sftp> exit
Verification in the SFTP Server
[root@sftp_server ~]# ls -ltr /var/opt/run_conf_sftp.txt
-rw-r--r-- 1 root root 3271 Mar 21 18:07 /var/opt/run_conf_sftp.txt
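
The copy commands on this page take two forms: the password-based form embeds the password in the destination URL (`root:testpassword@`), while the public-key form carries none. The following Python is an added example, not Cisco code: it scans captured CLI lines for copy commands to `sftp://` or `scp://` destinations, flags any with an inline password, and redacts it. The URL pattern is inferred only from the two commands shown on this page, and the function names are hypothetical.

```python
import re

# Shape inferred from the two commands shown on this page, not from Cisco's
# command grammar: copy <source> <sftp|scp>://<user>[:<password>]@<host>/<path>
COPY_URL = re.compile(
    r"\bcopy\s+(?P<source>\S+)\s+"
    r"(?P<scheme>sftp|scp)://(?P<user>[^:@/\s]+)"
    r"(?::(?P<password>[^/\s]*))?@(?P<host>[^/@\s]+)/(?P<path>\S*)",
    re.IGNORECASE,
)

def audit_copy_line(line):
    """Return a finding dict for a secure-copy command, or None if no match."""
    m = COPY_URL.search(line)
    if m is None:
        return None
    has_password = m.group("password") is not None
    redacted = line
    if has_password:
        # Cut out only the password span so the rest of the line stays intact.
        start, end = m.span("password")
        redacted = line[:start] + "<redacted>" + line[end:]
    return {
        "scheme": m.group("scheme").lower(),
        "user": m.group("user"),
        "host": m.group("host"),
        "path": m.group("path"),
        "inline_password": has_password,
        "redacted": redacted,
    }

def audit(lines):
    """Audit an iterable of captured CLI lines; keep only copy commands."""
    return [f for f in map(audit_copy_line, lines) if f is not None]

# Constructed sample: the two commands from this page plus one unrelated line.
SAMPLE = [
    "Router# copy running-config sftp://root:testpassword@192.0.2.1//var/opt/run_conf_sftp.txt",
    "Router#copy running-config scp://root@192.0.4.2//var/opt/run_conf_scp.txt",
    "Router(config)# ssh server v2",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        flag = "INLINE PASSWORD" if finding["inline_password"] else "ok"
        print(f'{flag:15} {finding["redacted"]}')
```

Run it over session captures or command-accounting exports before they are stored or shared, so that the password-based form of the command does not leave a reusable credential in the archive.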