Cisco Catalyst 2960 Software Configuration Manual page 267

Chapter 9 Configuring Switch-Based Authentication
Because SSH also relies on AAA authentication, and SCP relies further on AAA authorization, correct
configuration is necessary.
•
•
Note When using SCP, you cannot enter the password into the copy command. You must enter the password
when prompted.
Information About Secure Copy
To configure the Secure Copy feature, you should understand these concepts.
The behavior of SCP is similar to that of remote copy (rcp), which comes from the Berkeley r-tools
suite, except that SCP relies on SSH for security. SCP also requires that authentication, authorization,
and accounting (AAA) authorization be configured so the router can determine whether the user has the
correct privilege level.
A user who has appropriate authorization can use SCP to copy any file in the Cisco IOS File System
(IFS) to and from a switch by using the copy command. An authorized administrator can also do this
from a workstation.
For information about how to configure and verify SCP, see the "Secure Copy Protocol" section in the
Cisco IOS Security Configuration Guide: Securing User Services, Release 12.4:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_secure_copy_ps6350
_TSD_Products_Configuration_Guide_Chapter.html
OL-26520-01
Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the
switch.
Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and
Adelman (RSA) key pair.
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Configuring the Switch for Secure Copy Protocol
9-53