Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
680
Views
2
Helpful
6
Replies

ASA Copy local flash bin files to SCP

Haider Malik
Level 1
Level 1

‎03-20-2025 03:28 PM

Dear Team,
I wanted to copy the flash file  "asdm-761AAAA.bin" from our ASA to SCP running on a Windows server . 
 
Could you please share the exact commands? 


*******************************************

ciscoasa# copy scp: flash:?

flash:/.boot_string flash:/FSCK0000.REC
flash:/FSCK0001.REC flash:/LOCAL-CA-SERVER
flash:/NetSole_client_profile.xml
flash:/anyconnect-win-3.1.13015-pre-deploy-k9.msi
flash:/anyconnect-win-3.1.14018-k9.pkg

flash:/asa961-lfbff-k8.SPA
flash:/asdm-761.bin

flash:/asdm-761AAAA.bin
flash:/asdm-761sssss.bin flash:/coredumpinfo
flash:/crypto_archive

flash:/log
flash:/snmp
flash:/vpnclient-win-msi-5.0.07.0290-k9.exe


***************************

Cisco Adaptive Security Appliance Software Version 9.6(1)
Device Manager Version 7.6(1)

Compiled on Fri 18-Mar-16 14:04 PDT by builders
System image file is "disk0:/asa961-lfbff-k8.SPA"
Config file at boot was "startup-config"

ciscoasa up 121 days 0 hours

Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
Internal ATA Compact Flash, 8192MB
BIOS Flash M25P64 @ 0xfed01000, 16384KB

Encryption hardware device : Cisco ASA Crypto on-board accelerator (revision 0x1)
Number of accelerators: 1





0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎03-20-2025 05:16 PM

Syntax as below :

# copy flash:/asdm-761AAAA.bin  scp:

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Haider Malik
Level 1
Level 1
In response to balaji.bandi

‎03-20-2025 05:36 PM

Thank you 

commands are correct but seems like something is wrong on SCP server , tried on 2 different servers

ciscoasa# copy flash:/asdm-761AAAA.bin scp:

Source filename [asdm-761AAAA.bin]?

Address or name of remote host []? 192.168.1.80

Destination username []? admin

Destination filename [asdm-761AAAA.bin]? sdfasdfafadf

%Error opening scp://admin@192.168.1.80/sdfasdfafadf (Permission denied)



ciscoasa# copy flash:/asdm-761AAAA.bin scp:

Source filename [asdm-761AAAA.bin]?

Address or name of remote host []? 192.168.1.80

Destination username []? usman

Destination filename [asdm-761AAAA.bin]?

%Error opening scp://usman@192.168.1.80/asdm-761AAAA.bin (Permission denied)




ciscoasa# copy flash:/asdm-761AAAA.bin scp:

Source filename [asdm-761AAAA.bin]?

Address or name of remote host []? 192.168.1.80

Destination username []?

?Username not specified
%Error parsing filename (Resource temporarily unavailable)
ciscoasa# copy flash:/asdm-761AAAA.bin scp:

Source filename [asdm-761AAAA.bin]?

Address or name of remote host []? 192.168.1.80

Destination username []? admin

Destination filename [asdm-761AAAA.bin]? abcdef

%Error opening scp://admin@192.168.1.80/abcdef (Permission denied)

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Haider Malik

‎03-21-2025 12:44 AM

The issue is not with command, the issue is permission issue of the remote SCP Server 

what SCP Server is this running on Windows Server 

check - some SCP server need ASA IP to add in allow list (check the SCP Documentation)

also check the Logs in Windows Server.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MarkNi
Cisco Employee
Cisco Employee

‎03-20-2025 09:21 PM

@Haider Malik  please enable "secure copy" on asa through command "ssh scopy enable" firstly. Then you also need to configure the SSH host-key on asa through command "ssh key-exchange hostkey xxx". 

Then you can try to use "copy disk0:/asdm.bin scp://username@scp-server-ip/path/to/save" 

Here is the successful example in my lab asa for your reference.

TestFW(config)# copy disk0:/khost.log scp://fangni@192.168.1.9/Downloads/test/khost.log

Source filename [khost.log]?

Address or name of remote host [192.168.1.9]?

Destination username [fangni]?

Destination filename [Downloads/test/khost.log]?

Password: ***********
!!!
2090 bytes copied in 5.550 secs (418 bytes/sec)

 

 

Related SSH configuration from lab ASA as below:

TestFW(config)# show run ssh
no ssh stack ciscossh
ssh scopy enable
ssh stricthostkeycheck
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group14-sha256
ssh key-exchange hostkey eddsa
ssh 192.168.1.0 255.255.255.0 management

 

If you saw the error saying some host-key related, you can modify the host key on ASA  or SCP server side to get it matched to move forward.

 

Wish above helps. 

Haider Malik
Level 1
Level 1
In response to MarkNi

‎03-21-2025 12:37 AM - edited ‎03-21-2025 12:51 AM

@MarkNi 
Thank you . 
Looks like the user on ASA have some permissions issue. 

I tried following up with different SCP vendors, but every time, I get (Permission denied) additionally, it's not even asking for the password for SCP user as in your case. 




ciscoasa# sh run ssh
ssh scopy enable
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
ciscoasa#




ciscoasa(config)# copy flash:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downlo$

Source filename [asdm-761AAAA.bin]?

Address or name of remote host [192.168.1.80]?

Destination username [admin]?

Destination filename [Downloads/test/asdm-761AAAAassas.bin]?

%Error opening scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#


ciscoasa(config)# copy flash:/asdm-761AAAA.bin scp://admin@192.168.1.80/asdm-7$

Source filename [asdm-761AAAA.bin]?

Address or name of remote host [192.168.1.80]?

Destination username [admin]?

Destination filename [asdm-761AAAAassas.bin]?

%Error opening scp://admin@192.168.1.80/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#


copy disk0:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin

ciscoasa(config)# copy disk0:/asdm-761AAAA.bin scp://admin@192.168.1.80/Downlo$

Source filename [asdm-761AAAA.bin]?

Address or name of remote host [192.168.1.80]?

Destination username [admin]?

Destination filename [Downloads/test/asdm-761AAAAassas.bin]?

%Error opening scp://admin@192.168.1.80/Downloads/test/asdm-761AAAAassas.bin (Permission denied)
ciscoasa(config)#

ciscoasa(config)# copy running-config scp://admin@192.168.1.80

Source filename [running-config]?

Address or name of remote host [192.168.1.80]?

Destination username [admin]?

Destination filename [running-config]?
Cryptochecksum: 48513c39 d4c115b7 7ae5bf63 8d233ef0

%Error opening scp://admin@192.168.1.80/running-config (Permission denied)
ciscoasa(config)#


Any help on this please ? 

0 Helpful

MarkNi
Cisco Employee
Cisco Employee
In response to Haider Malik

‎03-24-2025 12:46 AM

Hi @Haider Malik  from your config of ssh, it seems missing "ssh key-exchange hostkey xxx" . Please make sure you have hostkey configured for ssh.

After that, you can enable "debug ssh 255" and "terminal monitor" , then try to copy again to see if you can find any errors from the debug output. 

Wish above helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top