Services – SSH and SCP


This should be a pretty quick post, but since I don’t configure either of these two services that frequently, it warrants some documentation.

SCP uses the same port (TCP 22) as SSH so you’ll need to configure SSH before you configure SCP.  So let’s start with the SSH configuration.

Switch(config)#hostname myswitch
myswitch(config)#ip domain-name interubernet.local
myswitch(config)#crypto key generate rsa
The name for the keys will be: myswitch.interubernet.local
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable…[OK]

*Mar  1 00:07:09.756: %SSH-5-ENABLED: SSH 1.99 has been enabled
myswitch(config)#end
myswitch#

So that was pretty straightforward. Keep in mind that you need to configure the hostname and domain before you generate the keys. Once SSH is enabled, we can enable SCP…

myswitch(config)#int vlan 1
myswitch(config-if)#ip address 10.20.30.9 255.255.255.0
myswitch(config-if)#no shut
myswitch(config-if)#exit
myswitch(config)#username jlangem privilege 15 password mypassword
myswitch(config)#aaa new-model
myswitch(config)#aaa authentication login default local
myswitch(config)#aaa authorization exec default local
myswitch(config)#ip scp server enable
myswitch(config)#end

So I gave the box an IP on this step as well just so we can test.  Remember that you need to configure AAA.  In particular, you need to configure exec authorization so the copy function can work.
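The prerequisites above can be checked offline against a saved running-config. The following is an added example, not part of the original post: the audit() function and the sample config text are constructed for illustration. It also flags two hardening gaps visible in the transcripts: "SSH 1.99" in the log means the server still accepts SSHv1 unless "ip ssh version 2" is set, and "username ... password" is stored less safely than "username ... secret".

```python
import re

# Constructed running-config excerpt matching the post's lab setup (not a real device dump).
SAMPLE_CONFIG = """\
hostname myswitch
ip domain-name interubernet.local
username jlangem privilege 15 password 0 mypassword
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip scp server enable
"""

# Prerequisites the post names: (label, regex that must match some config line).
# The RSA key pair is not checked: it does not appear in the running-config.
REQUIRED = [
    ("hostname set (needed before key generation)", r"^hostname\s+\S+"),
    ("domain name set (needed before key generation)", r"^ip domain[- ]name\s+\S+"),
    ("aaa new-model", r"^aaa new-model\b"),
    ("aaa authentication login", r"^aaa authentication login\s+\S+"),
    ("aaa authorization exec (SCP copy fails without it)", r"^aaa authorization exec\s+\S+"),
    ("ip scp server enable", r"^ip scp server enable\b"),
]


def audit(config: str) -> dict:
    """Return missing SCP prerequisites and hardening warnings for an IOS config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def has(pattern: str) -> bool:
        # Patterns are anchored, so negated "no ..." lines never satisfy them.
        return any(re.match(pattern, ln) for ln in lines)

    missing = [label for label, pat in REQUIRED if not has(pat)]
    warnings = []
    if not has(r"^ip ssh version 2\b"):
        warnings.append("SSH not pinned to v2 ('SSH 1.99' means v1 is still accepted)")
    for ln in lines:
        m = re.match(r"^username\s+(\S+)\s.*\bpassword\b", ln)
        if m:
            warnings.append(f"user {m.group(1)} uses 'password' "
                            "(cleartext or reversible type 7); prefer 'secret'")
    return {"missing": missing, "warnings": warnings}


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_CONFIG).items():
        for item in items:
            print(f"{kind}: {item}")
```
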

Quick test from your favorite SCP client…


And an SSH session to the switch should work as well…


That’s it!  SCP has saved me a couple of times when I didn’t have TFTP or FTP firewall rules in place. 
