Secure Copy
SCP might seem out of place in this chapter; it would fit more naturally in Chapter 3. However, SCP requires AAA to be configured before it can be used, so I have decided to cover it here instead.

Preparation for SCP

The configuration of SSH was discussed in Chapter 3. You need to configure at least three things:
SCP also requires the use of AAA authorization. Therefore, you need to use some of the commands discussed in this chapter to implement SCP.

NOTE: Not all routers support SCP. Here is a list of currently supported routers: 1700, 2600, 3600, 7200, 7500, and 12000 series models.

SCP Configuration

After you have set up SSH, you need to configure AAA for SCP:
The last step is to set up the router as an SCP server:
Router(config)# ip scp server enable
SCP Troubleshooting

After you have set up SCP, you can test it by copying files to and from the router. From the router, use the following syntax:

Router# copy source_file scp://user_name@IP_address_of_server/
Address or name of remote host [x.x.x.x]?
Destination username [username]?
Destination filename [file_name]
Writing file_name
Password:
Router#

As you can see, you need to use the scp keyword in the destination filename. If you are having problems, use the following debug commands:
Example 5-11 shows an example of the debug ip scp command and a successful copy.

Example 5-11. Troubleshooting SCP Connections
Router# debug ip scp
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv C0648 21 router.cfg
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv 21 bytes
2d01h:SCP:[22 <- 10.0.0.100:1019] recv <OK>
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv <EOF>
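
The following Python sketch is an added example, not code from the book or from Cisco. It parses debug ip scp lines in the format shown in Example 5-11 and reports, for each file the router received, the peer, the file name, and whether the byte count matched the size declared in the SCP "C<mode> <size> <name>" header. It assumes the line layout is exactly as in Example 5-11; the function name and the truncated sample are constructed for illustration.

```python
import re

# Constructed input: the `debug ip scp` lines from Example 5-11.
EXAMPLE_5_11 = """\
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv C0648 21 router.cfg
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv 21 bytes
2d01h:SCP:[22 <- 10.0.0.100:1019] recv <OK>
2d01h:SCP:[22 -> 10.0.0.100:1019] send <OK>
2d01h:SCP:[22 <- 10.0.0.100:1019] recv <EOF>
"""
# Constructed failure case: the session stops before the payload arrives.
TRUNCATED = "\n".join(EXAMPLE_5_11.splitlines()[:3])

LINE = re.compile(r"^.+?:SCP:\[\d+ (?:->|<-) (?P<peer>[\d.]+:\d+)\] "
                  r"(?P<verb>send|recv) (?P<body>.+)$")
HEADER = re.compile(r"^C(?P<mode>\d{4}) (?P<size>\d+) (?P<name>.+)$")
DATA = re.compile(r"^(?P<n>\d+) bytes$")


def summarize_scp_debug(text):
    """Return one dict per file the router received over SCP."""
    transfers, active = [], {}          # active: peer -> transfer in progress
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["verb"] != "recv":
            continue                    # only peer-to-router lines carry file data
        peer, body = m["peer"], m["body"]
        header, data = HEADER.match(body), DATA.match(body)
        if header:                      # "C<mode> <size> <name>" opens a transfer
            t = {"peer": peer, "file": header["name"],
                 "mode": header["mode"],  # kept as printed by the router
                 "declared": int(header["size"]), "received": 0, "eof": False}
            transfers.append(t)
            active[peer] = t
        elif data and peer in active:   # "<n> bytes" is payload for the open file
            active[peer]["received"] += int(data["n"])
        elif body == "<EOF>" and peer in active:
            active.pop(peer)["eof"] = True
    for t in transfers:                 # complete: sizes match and session closed
        t["complete"] = t["eof"] and t["received"] == t["declared"]
    return transfers


if __name__ == "__main__":
    for label, log in (("Example 5-11", EXAMPLE_5_11), ("truncated", TRUNCATED)):
        for t in summarize_scp_debug(log):
            print(label, t)
```
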
SCP Example

Example 5-12 shows a simple example of setting up SCP to use local authentication.

Example 5-12. Setting up SCP

Router(config)# hostname bullmastiff
bullmastiff(config)# ip domain-name quizware.com
bullmastiff(config)# crypto key generate rsa
The name for the keys will be: bullmastiff.quizware.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 2048
% Generating 1024 bit RSA keys ...[OK]
00:02:25: %SSH-5-ENABLED: SSH 1.5 has been enabled
bullmastiff(config)# access-list 1 permit 10.0.0.50
bullmastiff(config)# line vty 0 4
bullmastiff(config-line)# login local
bullmastiff(config-line)# transport input ssh
bullmastiff(config-line)# transport output ssh
bullmastiff(config-line)# access-class 1 in
bullmastiff(config-line)# exit
bullmastiff(config)# aaa new-model
bullmastiff(config)# aaa authentication login default local
bullmastiff(config)# aaa authorization exec default local
bullmastiff(config)# username admin1 privilege 15 secret cisco
bullmastiff(config)# ip scp server enable

The first part of this example sets up SSH and restricts VTY access to SSH connections from only one device: 10.0.0.50. Following this is the AAA configuration to allow SCP operations. Local authentication and authorization are used, and one account has been created on the router: admin1.