Using SCP to copy files to/from ASA
(Updated 2019/05/21)
Copying the IOS to/from the asa
- SSH in, or use the console cable, to connect to the ASA. Get into configure mode:
en
(Enter enable password)
conf t
- Create a user (or modify an existing user) with privilege 15
username myNewUsername password MyNewUserPassword privilege 15
- Enable secure copy (scopy) over SSH
ssh scopy enable
- Save your work
exit
wr mem
On your Linux system, to copy a file to the ASA
scp filename myNewUsername@IP.Address.Of.ASA:filename
On your Linux system, to copy a file from the ASA
scp myNewUsername@IP.Address.Of.ASA:filename .
Please note – there is a colon ( : ) between the IP address/host name of the ASA and the file name!
If you are using Windows, follow the instructions for your favorite ssh/scp client.
Copying the startup-config or running-config to/from the asa
Configure the ASA as outlined above – but this time you SSH to the ASA and run the copy from there, pushing the config to the target host.
Example for Cisco ASA 9.9:
copy startup-config scp://user:password@DestinationIPAddress/MyFilename
Address or name of remote host [DestinationIPAddress]? (hit enter)
Destination username [user]? (hit enter)
Destination filename [MyFilename]?
!!!!!!!!!!!!!!!!
15840 bytes copied in 0.370 secs
Note – when using this form, the file is copied to the user’s home directory on the destination host. If you want to put it in some other directory, say /opt, use the command
copy startup-config scp://user:password@DestinationIPAddress//opt/MyFilename
Note the double slash (//) in the above URL: the first slash separates the host from the path, and the second makes the path absolute.
Example for Cisco ASA 9.6:
You must always spell out the entire path (unlike with version 9.9)
copy startup-config scp://user:password@DestinationIPAddress/home/user/MyFilename
Address or name of remote host [DestinationIPAddress]? (hit enter)
Destination username [user]? (hit enter)
Destination filename [MyFilename]?
!!!!!!!!!!!!!!!!
15840 bytes copied in 0.370 secs
That is it!
Errors!
You execute the copy command and you get the following message:
%Error opening scp://username@linux.server.ip.address/somefilename.txt (Permission denied)
You check the /var/log/secure log on the target system and you see:
Unable to negotiate with my.asa.ip.address port someportnum: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
The ASA is offering only the legacy diffie-hellman-group1-sha1 key exchange, which current OpenSSH servers refuse by default. Add the following lines to your ASA configuration (in configure mode) so it offers stronger algorithms:
ssh cipher encryption custom aes128-ctr:aes256-ctr
ssh key-exchange group dh-group14-sha1
ssh version 2
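To find which devices on your network are still offering the legacy algorithms, here is an added Python example (not from the original page) that parses sshd lines of the shape quoted above from /var/log/secure and reports, per source IP, the legacy algorithms offered. The "no matching cipher found" message layout and the CBC cipher list are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# OpenSSH sshd log line shape, as in the /var/log/secure excerpt above; the
# "no matching cipher found" variant is assumed to share the same layout.
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<ip>[0-9A-Fa-f.:]+) port (?P<port>\d+): "
    r"no matching (?P<what>key exchange method|cipher) found\. "
    r"Their offer: (?P<offer>[^\s\[]+)"
)

# Algorithms a current sshd refuses by default: group1-sha1 is the one the
# ASA offered in the error above; the CBC ciphers are an assumption.
LEGACY_ALGS = {"diffie-hellman-group1-sha1", "3des-cbc", "aes128-cbc", "aes256-cbc"}

def parse_negotiate_failure(line):
    """Return (ip, port, category, [offered algorithms]) or None for other lines."""
    m = NEGOTIATE_RE.search(line)
    if not m:
        return None
    category = "kex" if m.group("what").startswith("key") else "cipher"
    return m.group("ip"), int(m.group("port")), category, m.group("offer").split(",")

def legacy_ssh_clients(lines):
    """Map each source IP to the sorted list of legacy algorithms it offered.
    Hosts that fail for a non-legacy reason (or never fail) are not reported."""
    found = defaultdict(set)
    for line in lines:
        rec = parse_negotiate_failure(line)
        if rec is None:
            continue
        ip, _port, _category, offer = rec
        found[ip].update(a for a in offer if a in LEGACY_ALGS)
    return {ip: sorted(algs) for ip, algs in found.items() if algs}

# Constructed sample: one ASA still on its defaults, one already fixed, and
# one unrelated client whose failure is not due to a legacy algorithm.
SAMPLE_SECURE_LOG = [
    "May 21 10:02:13 backup sshd[2217]: Unable to negotiate with 192.0.2.10 port 21634: "
    "no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "May 21 10:02:14 backup sshd[2219]: Unable to negotiate with 192.0.2.10 port 21635: "
    "no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]",
    "May 21 10:05:40 backup sshd[2240]: Accepted password for user from 192.0.2.11 port 21700 ssh2",
    "May 21 10:06:01 backup sshd[2244]: Unable to negotiate with 198.51.100.7 port 40022: "
    "no matching key exchange method found. Their offer: ecdh-sha2-nistp256 [preauth]",
]

if __name__ == "__main__":
    for ip, algs in legacy_ssh_clients(SAMPLE_SECURE_LOG).items():
        print(f"{ip}: legacy SSH algorithms offered: {', '.join(algs)}")
```

Each reported IP is a device that needs the three ssh configuration lines above applied.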