11-14-2008 05:54 AM - edited 03-11-2019 07:13 AM
I have SSH and SCP enabled on the ASA 5510. I can SSH fine into the device. However, I cannot copy files to the device usng WinSCP. Used all options but nothign seems to work. I see the log authentication successful, but then WinSCP reports no response from ASA.
Any idea?
11-14-2008 01:12 PM
I would review the ports being used and use a packet sniffer like wireshark to see what traffic is really doing.
11-14-2008 06:35 PM
wireshark doesn't tell much as after SSH is established, packets are encrypted. I have used debug ssh on the ASA console to see what goes on.
SSH is established correctly and user is authenticated...
SSH2 2: authentication successful for xxxx
SSH2 2: channel open request
SSH2 2: exec request
No activity after the "exec request"
If I enable shell selection in WinScp then the exec request is replaced by "shell request". In either case nothing proceeds beyond that message and finally the following message:
SSH2: receive SSH message: [no message ID: variable *data is NULL]
SSH2: Session disconnected by SSH server - error 0x00 "Internal error"
Q. Should the iniial SSH session land the user in privileged exec mode for this to work?
02-25-2011 08:41 AM
I'm having the same problem
02-26-2011 05:47 AM
Hello,
This happens due to the way that WinSCP tries to get a shell to do things like directory listings. The ASA's SCP server doesn't support this:
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/s8.html#wp1510629
There is no directory support in this implementation of SCP, limiting remote client access to the adaptive security appliance internal files.
I'm not sure if there is a way to disable this functionality for WinSCP, but you can use something like 'pscp' on Windows (or 'scp' on Linux/Mac) to copy the files you need. The syntax would look something like this:
pscp
Hope that helps.
-Mike
02-26-2011 06:14 AM
Now, in my particular application and situation, what I found to be a just as good as alternative was using the latest ASDM. Tools menu and File Mangement.
Worked great
12-17-2013 02:49 AM
What if asdm image is corrupted..
05-08-2017 06:21 PM
pscp worked for me as well:
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
From the CLI (I happened to use PowerShell), I changed my working directory to that which contained my files to be transfered. I then entered the syntax as below:
PS C:\Users\myusername\Downloads> .\pscp.exe .\asa971-4-lfbff-k8.SPA myasausername@172.30.0.1:asa971-4-lfbff-k8.SPA
The first key-exchange algorithm supported by the server is
diffie-hellman-group1-sha1, which is below the configured warning threshold.
Continue with connection? (y/n) y
plsadmin@172.30.0.1's password:
(My transfer began immediately afterward):
asa971-4-lfbff-k8.SPA | 2208 kB | 7.2 kB/s | ETA: 04:01:35 | 2%
Note: It may take a while to transfer but I'm pretty sure that's just a limitation of the protocol. Also if you're working within the legacy Windows command-line just remove the .\ from your command syntax and you should be fine.
PS- Don't forget to enable SSH Secure Copy capabilities in the ASA (conf t > ssh scopy enable)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide