C H A P T E; Secure Copy; Prerequisites For Secure Copy; Information About Secure Copy - Cisco Catalyst 9500 Manual

Secure Copy

This document provides the procedure to configure a Cisco device for Secure Copy (SCP) server-side
functionality.
•
•
•
•
•
•

Prerequisites for Secure Copy

• Configure Secure Shell (SSH), authentication, and authorization on the device.
• Because the Secure Copy Protocol (SCP) relies on SSH for its secure transport, the device must have a

Information About Secure Copy

The Secure Copy feature provides a secure and authenticated method for copying switch configurations or
switch image files. The Secure Copy Protocol (SCP) relies on Secure Shell (SSH), an application and a protocol
that provides a secure replacement for the Berkeley r-tools.
The behavior of SCP is similar to that of Remote Copy Protocol (RCP), which comes from the Berkeley
r-tools suite (Berkeley university's own set of networking applications), except that SCP relies on SSH for
security. In addition, SCP requires authentication, authorization, and accounting (AAA) to be configured to
ensure that the device can determine whether a user has the correct privilege level.
SCP allows only users with a privilege level of 15 to copy a file in the Cisco IOS File System (Cisco IFS) to
and from a device by using the copy command. An authorized administrator can also perform this action from
a workstation.
Prerequisites for Secure Copy, on page 245
Information About Secure Copy, on page 245
How to Configure Secure Copy, on page 246
Configuration Examples for Secure Copy, on page 249
Additional References for Secure Copy, on page 250
Feature Information for Secure Copy, on page 250
Rivest, Shamir, and Adelman (RSA) key pair.
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
10
C H A P T E R
245