Unable to archive config from a Cisco 800 router via SCP on non-standard port

jimwillsher
Level 1

Hi

 

I have a Cisco 800 router running 12.x and I am trying to archive config to an external server. I CAN archive if I use FTP but I want to swap to SCP for encryption.

 

This is what I am using as a command for FTP:

 

path ftp://remote.xxx.co.uk/Shop/$h

 

and this is the command I am using for SCP:

 

path scp://username:pass@remote.xxx.co.uk:52398/Shop/$h

 

Note that the SCP server is NOT hosted on port 22, it's on 52398.

 

 

If I try to archive the config with FTP, it works fine, and sends the file in about 2 seconds. If I try to archive using SCP it sits there for an eternity - 120 seconds? - then just returns to the command shell, and meanwhile on the SCP server there is no activity, not even a login attempt. I am able to send files to the SCP server from a separate (also external) Linux box, so I know the SCP server is working and the firewalls with the custom port are correct.

 

Am I doing something wrong? Or can the Cisco SCP implementation not handle ports other than 22?

 

Many thanks

 

 

Jim

4 Replies

marce1000
VIP

 

> Note that the SCP server is NOT hosted on port 22, it's on 52398.

Bad practice and/or your Cisco device has valid-rights to not trust or have this possibility. Meaning that the tcp/ip port-stack has a privileged port-range for specific services, leading to a trust-relation when the standard ssh/scp port is being used (and of course the S from scp also means Secure....)

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi marce1000

 

I appreciate the answer, but I'm not entirely sure I agree with it.

 

  • Most admins change the default port for common services.
  • We already have a different device listening on port 22 (it's a remote site and only have a single IP) so have no control over this
  • If that were the case, why would every SCP server on the planet allow the listening port to be changed?

Thanks

 

Jim

 

> Most admins change the default port for common services.

 - I will not go into circling-argumentation and appreciate and honor your response, but I consider the behavior as standard and best-secure practice.

 M. 



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Ok so let me rephrase the question.

 

Does Cisco's SCP:// path syntax, within the archive section, support custom ports. Or not.

 

From the IETF (submitted by....Cisco) : https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-01#page-2

 

scp_URI = "scp://" [ userinfo "@" ] host [ ":" port ]
         [ ; parameter = value ] [ abs_path ]
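
Added example, not part of the thread and not Cisco's code: a small Python parser for the `scp://` grammar quoted in the last post, showing that the port is an optional component of the URI itself (it says nothing about whether the IOS archive feature honours it). `parse_scp_uri` and `redact` are hypothetical helper names, and the host pattern is a simplification of the draft's `host` rule.

```python
import re
from typing import NamedTuple, Optional

# Grammar quoted in the thread:
#   scp_URI = "scp://" [ userinfo "@" ] host [ ":" port ]
#             [ ; parameter = value ] [ abs_path ]
_SCP_URI = re.compile(
    r"^scp://"
    r"(?:(?P<userinfo>[^@/]*)@)?"                      # optional user[:password]
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^:;/\[\]@]+)"       # name, IPv4 or [IPv6]
    r"(?::(?P<port>[0-9]+))?"                          # optional explicit port
    r"(?P<params>(?:;[^;=/]+=[^;/]*)*)"                # optional ;name=value pairs
    r"(?P<path>/.*)?$"                                 # optional absolute path
)

class ScpUri(NamedTuple):
    user: Optional[str]
    has_password: bool   # True when a password is embedded in the URI
    host: str
    port: int
    params: dict
    path: str

def parse_scp_uri(uri: str, default_port: int = 22) -> ScpUri:
    """Split an scp:// URI into its components; an omitted port means 22."""
    m = _SCP_URI.match(uri)
    if m is None:
        raise ValueError("not a valid scp:// URI")
    port = int(m.group("port")) if m.group("port") else default_port
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    user, sep, _password = (m.group("userinfo") or "").partition(":")
    params = dict(p.split("=", 1) for p in m.group("params").split(";") if p)
    return ScpUri(user or None, bool(sep), m.group("host"), port,
                  params, m.group("path") or "")

def redact(uri: str) -> str:
    """Mask an embedded password so the URI can be pasted into a log or ticket."""
    return re.sub(r"^(scp://[^:@/]*):[^@/]*@", r"\1:***@", uri)

if __name__ == "__main__":
    # The archive path from the original post (host already anonymised there).
    posted = "scp://username:pass@remote.xxx.co.uk:52398/Shop/$h"
    print(parse_scp_uri(posted))
    print(redact(posted))
```
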

 
