ASA Copy local flash bin files to SCP

03-20-2025 03:28 PM
Dear Team,
I wanted to copy the flash file "asdm-761AAAA.bin" from our ASA to SCP running on a Windows server.
Could you please share the exact commands?
*******************************************
ciscoasa# copy scp: flash:?
flash:/.boot_string flash:/FSCK0000.REC
flash:/FSCK0001.REC flash:/LOCAL-CA-SERVER
flash:/NetSole_client_profile.xml
flash:/anyconnect-win-3.1.13015-pre-deploy-k9.msi
flash:/anyconnect-win-3.1.14018-k9.pkg
flash:/asa961-lfbff-k8.SPA
flash:/asdm-761.bin
flash:/asdm-761AAAA.bin
flash:/asdm-761sssss.bin flash:/coredumpinfo
flash:/crypto_archive
flash:/log
flash:/snmp
flash:/vpnclient-win-msi-5.0.07.0290-k9.exe
***************************
Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)
Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"
ciscoasa up 121 days 0 hours
Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8192MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB
Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1
03-20-2025 05:16 PM
Syntax as below:
# copy flash:/asdm-761AAAA.bin scp:
03-20-2025 05:36 PM
Thank you.
The commands are correct, but it seems like something is wrong on the SCP server; tried on 2 different servers.
ciscoasa# copy flash:/asdm-761AAAA.bin scp:
Source filename [asdm-761AAAA.bin]?
Address or name of remote host []? 192.168.1.80
Destination username []? admin
Destination filename [asdm-761AAAA.bin]? sdfasdfafadf
%Error opening scp://admin@192.168.1.80/sdfasdfafadf (Permission denied)
ciscoasa# copy flash:/asdm-761AAAA.bin scp:
Source filename [asdm-761AAAA.bin]?
Address or name of remote host []? 192.168.1.80
Destination username []? usman
Destination filename [asdm-761AAAA.bin]?
%Error opening scp://usman@192.168.1.80/asdm-761AAAA.bin (Permission denied)
ciscoasa# copy flash:/asdm-761AAAA.bin scp:
Source filename [asdm-761AAAA.bin]?
Address or name of remote host []? 192.168.1.80
Destination username []?
?Username not specified
%Error parsing filename (Resource temporarily unavailable)
ciscoasa# copy flash:/asdm-761AAAA.bin scp:
Source filename [asdm-761AAAA.bin]?
Address or name of remote host []? 192.168.1.80
Destination username []? admin
Destination filename [asdm-761AAAA.bin]? abcdef
%Error opening scp://admin@192.168.1.80/abcdef (Permission denied)
03-21-2025 12:44 AM
The issue is not with the command; the issue is a permission issue on the remote SCP server.
What SCP server is this running on Windows Server?
Check: some SCP servers need the ASA IP added to an allow list (check the SCP documentation).
Also check the logs on the Windows server.
03-20-2025 09:21 PM
@Haider Malik please first enable "secure copy" on the ASA with the command "ssh scopy enable". Then you also need to configure the SSH host key on the ASA with the command "ssh key-exchange hostkey xxx".
Then you can try to use "copy disk0:/asdm.bin scp://username@scp-server-ip/path/to/save".
Here is a successful example from my lab ASA for your reference.
TestFW(config)# copy disk0:/khost.log scp://fangni@192.168.1.9/Downloads/test/khost.log
Source filename [khost.log]?
Address or name of remote host [192.168.1.9]?
Destination username [fangni]?
Destination filename [Downloads/test/khost.log]?
Password: ***********
!!!
2090 bytes copied in 5.550 secs (418 bytes/sec)
Related SSH configuration from the lab ASA is below:
TestFW(config)# show run ssh
no ssh stack ciscossh
ssh scopy enable
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256
ssh key-exchange hostkey eddsa
ssh 192.168.1.0 255.255.255.0 management
If you see an error that is host-key related, you can modify the host key on the ASA or SCP server side so that they match, and then move forward.
Hope the above helps.

03-21-2025 12:37 AM - edited 03-21-2025 12:51 AM
@MarkNi
Thank you.
Looks like the user on the ASA has some permissions issue.
I tried following up with different SCP vendors, but every time I get (Permission denied). Additionally, it's not even asking for the password for the SCP user as in your case.
ciscoasa# sh run ssh
ssh scopy enable
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
ciscoasa#
ciscoasa(config)# copy flash:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downlo$
Source filename [asdm-761AAAA.bin]?
Address or name of remote host [192.168.1.80]?
Destination username [admin]?
Destination filename [Downloads/test/asdm-761AAAAassas.bin]?
%Error opening scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#
ciscoasa(config)# copy flash:/asdm-761AAAA.bin scp://admin@192.168.1.80/asdm-7$
Source filename [asdm-761AAAA.bin]?
Address or name of remote host [192.168.1.80]?
Destination username [admin]?
Destination filename [asdm-761AAAAassas.bin]?
%Error opening scp://admin@192.168.1.80/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#
copy disk0:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin
ciscoasa(config)# copy disk0:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downlo$
Source filename [asdm-761AAAA.bin]?
Address or name of remote host [192.168.1.80]?
Destination username [admin]?
Destination filename [Downloads/test/asdm-761AAAAassas.bin]?
%Error opening scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#
ciscoasa(config)# copy running-config scp://admin@192.168.1.80
Source filename [running-config]?
Address or name of remote host [192.168.1.80]?
Destination username [admin]?
Destination filename [running-config]?
Cryptochecksum: 48513c39 d4c115b7 7ae5bf63 8d233ef0
%Error opening scp://admin@192.168.1.80/running-config (Permission denied)
ciscoasa(config)#
Any help on this, please?
03-24-2025 12:46 AM
Hi @Haider Malik, from your SSH config, it seems "ssh key-exchange hostkey xxx" is missing. Please make sure you have a host key configured for SSH.
After that, you can enable "debug ssh 255" and "terminal monitor", then try to copy again to see if you can find any errors in the debug output.
Hope the above helps.
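The comparison the replies above make by eye, as an added example that is not part of the original thread or any Cisco tool: a Python sketch that parses the two "show run ssh" outputs posted here and lists where the failing ASA differs from the working lab ASA. The function names `parse_ssh_settings` and `audit` are hypothetical, and treating the lab output as the reference is an assumption.

```python
import re

# Both samples are copied from the "show run ssh" outputs posted in this thread.
WORKING_LAB = """\
no ssh stack ciscossh
ssh scopy enable
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256
ssh key-exchange hostkey eddsa
ssh 192.168.1.0 255.255.255.0 management
"""
FAILING = """\
ssh scopy enable
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
"""

def parse_ssh_settings(show_run_ssh):
    """Map each SSH setting name to its value; access lines go under 'allow'."""
    settings = {"allow": []}
    for line in show_run_ssh.splitlines():
        line = line.strip()
        if m := re.match(r"ssh (\d+\.\d+\.\d+\.\d+) (\S+) (\S+)$", line):
            settings["allow"].append(m.groups())
        elif m := re.match(r"ssh key-exchange (group|hostkey) (\S+)$", line):
            settings["kex-" + m.group(1)] = m.group(2)
        elif m := re.match(r"(no )?ssh (\S+)(?: (\S+))?$", line):
            settings[m.group(2)] = False if m.group(1) else (m.group(3) or True)
    return settings

def audit(candidate, reference):
    """Return findings where the candidate differs from the reference config."""
    cand, ref = parse_ssh_settings(candidate), parse_ssh_settings(reference)
    findings = []
    if not cand.get("scopy"):
        findings.append("scopy: 'ssh scopy enable' missing")
    for key in ("kex-group", "kex-hostkey", "version"):
        if cand.get(key) != ref.get(key):
            findings.append(f"{key}: {cand.get(key, 'not set')} (reference: {ref.get(key, 'not set')})")
    if cand.get("kex-group", "").endswith("sha1"):  # OpenSSH 7.0+ disables group1-sha1 by default
        findings.append("kex-group: SHA-1 key exchange, often refused by current SSH servers")
    return findings
```

Calling `audit(FAILING, WORKING_LAB)` reports the key-exchange group and the missing host-key setting, the same two differences visible between the posted configurations.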
