Unable to archive config from a Cisco 800 router via SCP on non-standard port
05-01-2020 02:55 AM - edited 05-01-2020 03:24 AM
Hi
I have a Cisco 800 router running 12.x and I am trying to archive config to an external server. I CAN archive if I use FTP but I want to swap to SCP for encryption.
This is what I am using as a command for FTP:
path ftp://remote.xxx.co.uk/Shop/$h
and this is the command I am using for SCP:
path scp://username:pass@remote.xxx.co.uk:52398/Shop/$h
Note that the SCP server is NOT hosted on port 22, it's on 52398.
If I try to archive the config with FTP, it works fine, and sends the file in about 2 seconds. If I try to archive using SCP it sits there for an eternity (120 seconds?), then just returns to the command shell, and meanwhile on the SCP server there is no activity, not even a login attempt. I am able to send files to the SCP server from a separate (also external) Linux box, so I know the SCP server is working and the firewalls with the custom port are correct.
Am I doing something wrong? Or can the Cisco SCP implementation not handle ports other than 22?
Many thanks
Jim
Labels: Network Management
05-01-2020 04:42 AM
>Note that the SCP server is NOT hosted on port 22, it's on 52398.
Bad practice and/or your Cisco device has valid rights to not trust or have this possibility. Meaning that the tcp/ip port-stack has a privileged port-range for specific services, leading to a trust-relation when the standard ssh/scp port is being used (and of course the S from scp also means Secure....)
M.
-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
05-01-2020 04:54 AM
Hi marce1000
I appreciate the answer, but I'm not entirely sure I agree with it.
- Most admins change the default port for common services.
- We already have a different device listening on port 22 (it's a remote site and we only have a single IP), so we have no control over this.
- If that were the case, why would every SCP server on the planet allow the listening port to be changed?
Thanks
Jim
05-01-2020 05:14 AM
>Most admins change the default port for common services.
- I will not go into circling-argumentation and appreciate and honor your response, but I consider the behavior as standard and best-secure practice.
M.
-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '
05-01-2020 06:25 AM - edited 05-01-2020 06:26 AM
Ok so let me rephrase the question.
Does Cisco's SCP:// path syntax, within the archive section, support custom ports? Or not?
From the IETF (submitted by....Cisco) : https://tools.ietf.org/html/draft-ietf-secsh-scp-sftp-ssh-uri-01#page-2
scp_URI = "scp://" [ userinfo "@" ] host [ ":" port ] [ ; parameter = value ] [ abs_path ]
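Added example, not part of the thread and not Cisco's code: a small Python parser for the scp_URI grammar quoted above, showing that the archive path from the first post is well-formed with an explicit port of 52398, and masking the embedded password before the path is logged or posted. The function names are hypothetical, IPv6 literals are not handled, and it says nothing about whether IOS itself honours the port field.

```python
import re

# Grammar as quoted in the thread:
#   scp_URI = "scp://" [ userinfo "@" ] host [ ":" port ]
#             [ ; parameter = value ] [ abs_path ]
SCP_URI = re.compile(
    r"^scp://"
    r"(?:(?P<userinfo>[^@/]*)@)?"          # optional user[:password]
    r"(?P<host>[^:;/@]+)"                  # hostname or IPv4 (no IPv6 literals)
    r"(?::(?P<port>\d+))?"                 # optional explicit port
    r"(?P<params>(?:;[^;=/]+=[^;/]*)*)"    # optional ;parameter=value pairs
    r"(?P<path>/.*)?$"                     # optional absolute path
)

DEFAULT_SSH_PORT = 22  # used when the URI carries no port


def parse_scp_uri(uri):
    """Split an scp:// URI into its parts; raise ValueError if malformed."""
    m = SCP_URI.match(uri)
    if m is None:
        raise ValueError("not a well-formed scp:// URI")
    user = password = None
    if m["userinfo"] is not None:
        user, sep, pw = m["userinfo"].partition(":")
        password = pw if sep else None
    port = int(m["port"]) if m["port"] else DEFAULT_SSH_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    params = dict(p.split("=", 1) for p in m["params"].split(";") if p)
    return {"user": user, "password": password, "host": m["host"],
            "port": port, "explicit_port": m["port"] is not None,
            "params": params, "path": m["path"] or ""}


def redact_scp_uri(uri):
    """Return the URI with any embedded password masked, for logs or posts."""
    parts = parse_scp_uri(uri)  # validate before rewriting
    if parts["password"] is None:
        return uri
    return re.sub(r"^(scp://[^:@/]*):[^@/]*@", r"\1:***@", uri, count=1)


if __name__ == "__main__":
    sample = "scp://username:pass@remote.xxx.co.uk:52398/Shop/$h"  # path from the first post
    print(parse_scp_uri(sample))
    print(redact_scp_uri(sample))
```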
