cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
43504
Views
12
Helpful
5
Replies

Copying files to or from ISE with SCP.

As per title - I'm having difficulty copying files to ISE's disk using SCP, any permutation of the syntax described in table 2-1 of http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/cli_ref_guide/b_ise_CLIReferenceGuide_14/b_ise_CLIReferenceGuide_14_chapter_010.html just gives me an 'invalid url' error.

Has anyone managed this successfully?

Example:

copy scp:username:password@10.10.10.10/network/ise-patchbundle-1.3.0.876-Patch6-167221.x86_64.tar.gz disk:/

% Error: invalid url

It is probably the scp: URL, because 'copy running-config disk:/' works.

Edit: I gave up and used FTP. SCP appears to never work.

1 Accepted Solution

Accepted Solutions

Rao29
Level 1
Level 1

It's working for me. 

 

*First check and confirm that the repository is available from the ISE Node. "Show repository name"

 

*You probably not using the correct directory > "copy sftp:// Server IP address followed by /home/user... "

 

*confirm the exact path to the file by either SSH to your SFTP server or from the web admin console "/administration/administration_system/administration_system_backup/repository"

 

"copy sftp://192.x.x.x/home/username/ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz disk:/ "

 

*Prompts you for the username and password.

 

*Unfortunately, you don't see any progress bar once the copying starts but, you can open another ssh session and type DIR to check if the file is present and the disk is increasing.

Directory of disk:/

4096 08:03:41 corefiles/
9437227296  13:08:46 ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz

View solution in original post

5 Replies 5

nspasov
Cisco Employee
Cisco Employee

From the looks of it, ISE is not happy about the URL which appears to be in the correct format:

scp:[[[//username [:password]@]location]/directory]/filename

- What type is your SCP server that you are trying to copy to?

- Have you confirmed that the user is mapped to the proper directory?

- Have you tried to just use the root directory and see if that works?

Thank you for rating helpful posts!

Rao29
Level 1
Level 1

It's working for me. 

 

*First check and confirm that the repository is available from the ISE Node. "Show repository name"

 

*You probably not using the correct directory > "copy sftp:// Server IP address followed by /home/user... "

 

*confirm the exact path to the file by either SSH to your SFTP server or from the web admin console "/administration/administration_system/administration_system_backup/repository"

 

"copy sftp://192.x.x.x/home/username/ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz disk:/ "

 

*Prompts you for the username and password.

 

*Unfortunately, you don't see any progress bar once the copying starts but, you can open another ssh session and type DIR to check if the file is present and the disk is increasing.

Directory of disk:/

4096 08:03:41 corefiles/
9437227296  13:08:46 ise-upgradebundle-2.0.x-2.3.x-to-2.4.0.357.SPA.x86_64.tar.gz

hslai
Cisco Employee
Cisco Employee

Rao.Lutchia@barobinson.com is correct.

SCP is not currently supported. See CSCvh78921

What username and password is it looking for? That of the FTP server or the local admin of the ISE node

Mike.Cifelli
VIP Alumni
VIP Alumni

Use this link to setup remote sftp linux repo:

https://www.howtoforge.com/tutorial/how-to-setup-an-sftp-server-on-centos/

 

Don't forget to add the key to ISE:

ise/admin# configure terminal
ise/admin(config)# repository myrepository
ise/admin(config-Repository)# url sftp://ise
ise/admin(config-Repository)# host-key host ise

 

On your server you may see the following errors:

sshd[18546]: fatal: bad ownership or modes for chroot directory "/data/ise" [postauth]

sshd[18351]: fatal: no matching cipher found: client aes256-cbc,aes128-cbc,aes128-gcm@openssh.com,aes256-gcm@openssh.com server aes128-ctr,aes192-ctr,aes256-ctr [preauth]

 

Double check ownership on your directories you are writing to or pulling from. Also, if you need to tweak ciphers modify your sshd_config.

 

Or if you want to use ftp you can do so this way (process should be similar even if attempting to use SCP):

make sure you create local repo
#conf t
#repository REPO
##url disk:

 

copy ftp://XXXXX/FILENAME disk:/

delete FILE disk:/

 

HTH!