Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11267
Views
18
Helpful
8
Replies

Cisco FMC & WinSCP

Go to solution
keithcclark71
Level 3
Level 3

‎02-10-2021 11:57 AM

I have connected WinSCP in a previous version of firepower.  The version 6.6.1 I am trying to connnect to using WinSCP says i'm authenticating but it won't connect. Is anyone using WinSCP anymore or is there something better that can be used???

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-11-2021 02:24 AM

The problem is that Cisco introduced SFCLI to FMC, which does not support directory listing by default. Therefore it is not possible to transfer files to FMC without adding a user and setting its shell to /bin/bash or bin/sh, which is kinda awkward as a workaround but then again it works.

 

@OP  you need to do the following

1. SSH to FMC

2. Change to Bash

> expert

3. Change to root user

sudo su -

4. Add a new user that you can use for file transfer

useradd scpuser

5. Set password for scpuser

passwd scpuser

6. Set shell for scpuser

chsh --shell /bin/sh scpuser

7. Retry scp to FMC

> scp test.txt scpuser@fmc01.example.com:~/
Password: 
test.txt                                                                                                             100%    0     0.0KB/s   00:00

8. Navigate to /Volume/home/scpuser - you'll find the transfered file in the users home directory

 

Hope that helps

 

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Yordan Yordanov

‎02-17-2022 07:10 AM

FMC allows you to download files from var/common via its web UI.

https://<fmc address>/ddd/#ATFileDownload;deviceId=0

You can also navigate there via System > Health Monitor > select the FMC > Advanced Troubleshooting tools

View solution in original post

8 Replies 8

Go to solution
eruizrub
Cisco Employee
Cisco Employee

‎02-10-2021 12:36 PM

Hi Keith, it should work, have you tried to update winscp ?

you can also cretaed a user on root mode to transfer and get files using scp:

useradd <user>
passwd <user>

 

then you can use the user for scp transfers

0 Helpful

Go to solution
Oliver Kaiser
Level 7
Level 7

‎02-11-2021 02:24 AM

The problem is that Cisco introduced SFCLI to FMC, which does not support directory listing by default. Therefore it is not possible to transfer files to FMC without adding a user and setting its shell to /bin/bash or bin/sh, which is kinda awkward as a workaround but then again it works.

 

@OP  you need to do the following

1. SSH to FMC

2. Change to Bash

> expert

3. Change to root user

sudo su -

4. Add a new user that you can use for file transfer

useradd scpuser

5. Set password for scpuser

passwd scpuser

6. Set shell for scpuser

chsh --shell /bin/sh scpuser

7. Retry scp to FMC

> scp test.txt scpuser@fmc01.example.com:~/
Password: 
test.txt                                                                                                             100%    0     0.0KB/s   00:00

8. Navigate to /Volume/home/scpuser - you'll find the transfered file in the users home directory

 

Hope that helps

 

Go to solution
keithcclark71
Level 3
Level 3
In response to Oliver Kaiser

‎02-18-2021 03:38 PM

thanks Oliver Ill give it a try 

0 Helpful

Go to solution
Yordan Yordanov
Level 1
Level 1
In response to Oliver Kaiser

‎02-17-2022 03:01 AM

Hi Oliver,

 

is it possible to transfer Files from FMC to expertnal scp/ftp Server. i need to download some files from fmc, but fmc act as client and not like server. This is error that i get:

root@firepower:/var/common# scp results-02-17-2022--72526.tar.gz dafmc1812@xxxxxxxxxxx:/ftp
dafmc1812@xxxxxxxxx's password:
This service allows sftp connections only.
root@firepower:/var/common#

 

br

Yordan

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Yordan Yordanov

‎02-17-2022 07:10 AM

FMC allows you to download files from var/common via its web UI.

https://<fmc address>/ddd/#ATFileDownload;deviceId=0

You can also navigate there via System > Health Monitor > select the FMC > Advanced Troubleshooting tools

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Marvin Rhoads

‎03-17-2023 09:25 AM - edited ‎03-17-2023 09:38 AM

I am trying to upload a script to FTD preferrably through FMC, how do I do that? My Import/export option is only Package then it says unkown package file type. I am trying to upload a bash script.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoPurpleBelt

‎03-17-2023 12:22 PM

To copy a non-package (upgrade, VDB  etc.) to the system you need to use something like scp from the cli as mentioned in this thread. Or if it's a small text file like a script you could even just paste the contents into a new file using vi - all from the expert cli as root user. There you basically have a purpose-built Linux OS to work with.

Note - do be careful not to change or remove any system files. That could leave your system in a corrupted and unrecoverable state!

0 Helpful

Go to solution
keithcclark71
Level 3
Level 3
In response to Oliver Kaiser

‎06-15-2022 11:35 AM

Oliver I don't know if you are still on the boards here but your procedure just worked for me in getting WINSCP connected to FMC 6.6.5.  I could not get it working when I initially opened this post but 2 years later I just got it working in a new deployment.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card