Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
31275
Views
0
Helpful
3
Replies

Copy SCP Flash Protocol Error

heeb
Level 1
Level 1

‎05-20-2016 06:07 AM - edited ‎03-08-2019 05:51 AM

Now that federal government requires us to use scp whenever we upload IOS image file from the computer, not using tftp. I'm using my Mac where the Cisco IOS image stored. This file is in my home directory. So, here I am trying to make it works by using command "copy scp: flash:" on Cisco 2960G switch.

ciscoSW#copy scp://"userid"@172.16.99.108/c2960-lanbasek9-mz.150-2.SE9.bin flash:
Destination filename [c2960-lanbasek9-mz.150-2.SE9.bin]?

I get this message:

%Error opening scp://"userid"@172.16.99.108/c2960-lanbasek9-mz.150-2.SE9.bin (Protocol error)

I already have aaa and crypto enabled for this to work:

aaa new-model

aaa authentication login default local

aaa authorization exec default local

ip ssh server version 2

ip scp server enable

I even tried to do it from Oracle Sun server, but no luck.

Your help is appreciated.

2 people had this problem
Labels:
0 Helpful
3 Replies 3

agapitca19
Level 1
Level 1

‎05-21-2016 05:22 PM

heeb,

For this test, I used Core FTP Server as my scp software and use Cisco 3850 as my client. I don't know what scp software you are using or Mac supports scp natively(not a Mac person) but based on the error message you showed with "(Protocol error)", check your scp server settings. Like in my case, I have to check the ssh/sftp option then a sub-menu that shows to allow scp too.  

As an experiment, when the check mark for scp was removed I got the message below. It might not be as specific as your "(Protocol error)" but again might be something on the settings.

%Error opening scp://*****@scp ip address/test.txt (Undefined error)

When check mark for scp is enabled, I got no problem copying the test file. Just in case you wonder, 0 bytes was copied just because the test file was an empty text file. 

3850 Switch #copy scp://scp@scp server ip address/test.txt flash:
Destination filename [test.txt]? press Enter
Password: password set on the scp server

0 bytes copied in 13.160 secs (0 bytes/sec)

3850 Switch#sh flash:

46          0 May 21 2016 22:44:51.0000000000 +00:00 test.txt

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks.***

0 Helpful

crazycatman
Level 1
Level 1

‎03-07-2018 08:36 PM

If you do a "debug scp all"when attempting to copy across - you will get some useful info.

I had the same issue. I ran the debug and it was returning:

SSH2 CLIENT 0: no matching cipher found: client aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc server chacha20-poly1305@openssh.com

I realised, also, that I hadn't generated SSH keys so added the following config:

ip domain-name your.domain.name
crypto key generate rsa modulus 2048

It still returned the cipher error.

The issue turned out to be on the Linux server I was trying to connect to (from my router).

I had to edit the SSHD config file to add ciphers.

sudo nano /etc/ssh/sshd_config

Added the following to the end of the file:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc

Restarted the sshd service:

sudo service sshd restart

Problem fixed. Copied the files no issue.

 

win-win-rt1.wa#copy scp: flash:
Address or name of remote host []? 192.168.100.5
Source username [bobzyauncle]? bobzyauncle
Source filename []? VA_A_39m_B_38h3_24h_o.bin
Destination filename [VA_A_39m_B_38h3_24h_o.bin]?

Password:
 Sending file modes: C0775 2823524 VA_A_39m_B_38h3_24h_o.bin
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2823524 bytes copied in 13.320 secs (211976 bytes/sec)

win-win-rt1.wa#

HTH

0 Helpful

crazycatman
Level 1
Level 1
In response to crazycatman

‎03-11-2018 11:02 PM

Encountered this AGAIN!

 

This time it was to do with HostKeyAlgorithms/KexAlgorithms/MACs. 

As such, I added the following to the sshd_conf file, restarted sshd, and then it worked. Note that a bunch of these are dodgy as and, as such, I recommend you apply this stuff, perform the copy, then remove it again (restarting your sshd service after removing the temp config). 

 

HostKeyAlgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss

KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521

MACs hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmac-sha2-512,umac-64@openssh.com,umac-128@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com
0 Helpful
Customers Also Viewed These Support Documents