cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1414
Views
0
Helpful
8
Replies

Hiding SCP Password Using Archive Feature

Richard Clayton
Level 1
Level 1

Hi Guys

 
What I'm trying to achieve:
 
1.  Every time an engineer runs the write-memory command, a copy of the running config is sent to my SCP server.
2.  Every 7 days, a copy of the running config is sent to my SCP server.
3. The password in configuration is not shown in clear text.
 
It's just #3 that I hope there is a fix for.
 
Here is an example of my config.

archive
 path scp://user:password@1.2.3.4/CUSTOMERS/CUSTOMER1/CUSTOMER-LONDON6-ETH1.cfg
 write-memory
 time-period 10080
 
Because the password part of the SCP config is not an IOS recognised password I don't appear to be able to encrypt it.  If that's the case is there a secure fudge, like somehow referencing a local username that does have password encryption.
 
I'm not looking for server based solutions like SolarWinds etc.
 
Thanks
Rick
8 Replies 8

Hello,

 I dont think there is a way around it. What I suggest is not send the backup to the external server right the way but store it in the flash. Then, from the remote server you stract using SCP. The cisco device will act as scp server and not client. 

Hi

Thanks for responding but I'm looking for a secure push to server solution instead of a pull from server.

Thanks

Service password encryption <<- I think this command effect your scp config copy.

Hi

This isn't correct.

Thanks

Rick

Leo Laohoo
Hall of Fame
Hall of Fame
archive
 log config
  HIDEKEYS

Hi

This isn't correct, this command hides IOS aware passwords in the saved config.

Thanks

Rick

kirchhoffpolska
Level 1
Level 1

HI

I am facing exactly same issue with SFTP 

Did you found solution for that?

Pawel

Martin Blaesser
Level 1
Level 1

Hi, password encryption ist not possible. 

But Schedule and with "write" are :

!
!
archive
log config
logging enable
hidekeys
path scp://user:pass@w.x.y.z/$h_
write-memory
!

!
kron occurrence save-config-schedule at 22:00 recurring
policy-list save-config
!
kron policy-list save-config
cli archive config