Once you have configured your switch to enable secure file transfers with SCP and SFTP, files can be copied to
or from the switch in a secure (encrypted) environment and TFTP is no longer necessary.
To use these commands, you must install on the administrator workstation a third-party application software client
that supports the SFTP and/or SCP functions. Some examples of software that supports SFTP and SCP are
PuTTY, OpenSSH, WinSCP, and SSH Secure Shell. Most of these are freeware and may be downloaded without
cost or licensing from the internet. There are differences in the way these clients work, so be sure you also
download the documentation.
As described earlier in this chapter, you can use a TFTP client on the administrator workstation to update software
images. This is a plain-text mechanism that connects to a standalone TFTP server or another switch acting as a
TFTP server to obtain the software image files. Using SCP and SFTP allows you to maintain your switches with
greater security. You can also roll out new software images with automated scripts that make it easier to upgrade
multiple switches simultaneously and securely.
SFTP is unrelated to FTP, although there are some functional similarities. Once you set up an SFTP session
through an SSH tunnel, some of the commands are the same as FTP commands. Certain commands are not
allowed by the SFTP server on the switch, such as those that create files or folders. If you try to issue commands
such as create or remove using SFTP, the switch server returns an error message.
You can use SFTP just as you would TFTP to transfer files to and from the switch, but with SFTP, your file
transfers are encrypted and require authentication, so they are more secure than they would be using TFTP.
SFTP works only with SSH version 2 (SSH v2).
NOTE:
SFTP over SSH version 1 (SSH v1) is not supported. A request from either the client or the
switch (or both) using SSH v1 generates an error message. The actual text of the error message
differs, depending on the client software in use. Some examples are:
Protocol major versions differ: 2 vs. 1
Connection closed
Protocol major versions differ: 1 vs. 2
Connection closed
Received disconnect from <ip-addr>: /usr/local/libexec/sftp-server: command not supported
Connection closed
SCP is an implementation of the BSD rcp (Berkeley UNIX remote copy) command tunneled through an SSH
connection.
SCP is used to copy files to and from the switch when security is required. SCP works with both SSH v1 and SSH
v2. Be aware that most third-party software application clients that support SCP use SSH v1.
The general process for using SCP and SFTP involves three steps:
Procedure
1. Open an SSH tunnel between your computer and the switch if you have not already done so.
   (This step assumes that you have already set up SSH on the switch.)
2. Execute ip ssh filetransfer to enable secure file transfer.
3. Use a third-party client application for SCP and SFTP commands.
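A scripted form of the three steps above, as an added example that is not from this manual or the switch vendor: it reads the switch's SSH identification banner before any transfer so that SFTP is only attempted over SSH v2 (SCP is used where only SSH v1 is offered), then uploads an image in batch mode. It assumes the OpenSSH client tools (ssh, scp, sftp) on the administrator workstation and that ip ssh filetransfer is already enabled on the switch; the switch name, user name and file paths are placeholders.

```bash
#!/bin/bash
# Added example, not from the manual: pre-flight SSH version check and secure
# image upload for a switch. Assumes the OpenSSH client tools (ssh, scp, sftp)
# on the administrator workstation and that "ip ssh filetransfer" is already
# enabled on the switch. Host names, user names and file paths are placeholders.

# Extract the protocol version from an SSH identification string such as
# "SSH-2.0-OpenSSH_9.3" (RFC 4253 section 4.2). A server that accepts both
# SSH v1 and SSH v2 advertises "1.99".
ssh_proto_version() {
    printf '%s\n' "$1" | sed -n 's/^SSH-\([0-9][0-9.]*\)-.*/\1/p'
}

# Choose the method the manual allows for that version: SFTP needs SSH v2,
# SCP works with SSH v1 or v2, anything else is unusable (returns 1).
pick_transfer() {
    case "$(ssh_proto_version "$1")" in
        2.0|1.99) echo sftp ;;              # v2 available: prefer SFTP
        1.*)      echo scp ;;               # v1 only: SCP is the only option
        *)        echo none; return 1 ;;
    esac
}

# Read the identification line the switch sends before any authentication,
# using bash's /dev/tcp device (no extra tools needed).
read_banner() {   # read_banner <switch> [port]
    exec 3<>"/dev/tcp/$1/${2:-22}" || return 1
    IFS= read -r -t 5 banner <&3
    exec 3<&- 3>&-
    printf '%s\n' "$banner" | tr -d '\r'
}

# Upload an image with the method chosen from the banner. BatchMode makes an
# unknown or changed host key a hard failure instead of an interactive prompt,
# so a scripted roll-out cannot be silently redirected to another host.
upload_image() {  # upload_image <switch> <user> <local-image> <remote-path>
    method=$(pick_transfer "$(read_banner "$1")") \
        || { echo "$1: no usable SSH protocol version" >&2; return 1; }
    case "$method" in
        sftp) printf 'put %s %s\n' "$3" "$4" | sftp -b - -o BatchMode=yes "$2@$1" ;;
        scp)  scp -o BatchMode=yes "$3" "$2@$1:$4" ;;
    esac
}
```

Looping upload_image over a list of switch names gives the automated multi-switch roll-out mentioned earlier; the remote destination path is whatever the switch's SFTP/SCP server expects for software images.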
Enabling SCP and SFTP
For more information about secure copy and SFTP, see
on page 348.
Chapter 11 File Transfers
349