7-57
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 7 Configuring Switch-Based Authentication
Configuring the Switch for Secure Copy Protocol
Configuring the Switch for Secure Copy Protocol
The Secure Copy Protocol (SCP) feature provides a secure and authenticated method for copying switch
configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol
that provides a secure replacement for the Berkeley r-tools.
For SSH to work, the switch needs an RSA public/private key pair. This is the same with SCP, which
relies on SSH for its secure transport.
Because SSH also relies on AAA authentication, and SCP relies further on AAA authorization, correct
configuration is necessary.
•
Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the
switch.
•
Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and
Adelman (RSA) key pair.
Note
When using SCP, you cannot enter the password into the copy command. You must enter the password
when prompted.
Information About Secure Copy
To configure Secure Copy feature, you should understand these concepts.
The behavior of SCP is similar to that of remote copy (rcp), which comes from the Berkeley r-tools suite,
except that SCP relies on SSH for security. SCP also requires that authentication, authorization, and
accounting (AAA) authorization be configured so the router can determine whether the user has the
correct privilege level.
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System
(IFS) to and from a switch by using the
copy
command. An authorized administrator can also do this
from a workstation.
For more information on how to configure and verify SCP, see the “Secure Copy Protocol” chapter of
the
Feature Guides, Cisco IOS Software Releases 12.2T,
at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b18
.html