SCP transfer failure

glen.grant · ‎05-07-2014

Having issue with some devices not being able to save to a file server using SCP . The problem seems to be a 1 way issue so it's not a FW issue also I have devices which are the same device running the same code yet one works but one does not work . The failure is saving a config back to the server. We are able to copy from the server back into say bootflash of the devices. File permissions are open on all files we are having issues with. The puzzling thing it is one way only. We had to go to SCP due to security requirements, tftp worked fine on all devices before . Any input appreciated . Done all the searching i can on this. We have issues on 3750,2960, and 4500's . Some of the code is backleveled so it could be that ,not sure.

col-tccc1-sa-2a#copy start scp:
Address or name of remote host []? 161.162.xxx.xx
Destination username [col-tccc1-sa-2a]? ggrant
Destination filename [col-tccc1-sa-2a-confg]? /network/tftpboot/col-tccc1-sa-2a-confg
Uncompressed configuration from 12372 bytes to 40286 bytes
Writing /network/tftpboot/col-tccc1-sa-2a-confg
Password:
%scp: error: unexpected filename: /network/tftpboot/col-tccc1-sa-2a-confg FAILURE to Transfer

%Error writing scp://ggrant@161.162.xxx.xx//network/tftpboot/col-tccc1-sa-2a-confg (Permission denied)

WILLIAM STEGMAN · ‎05-07-2014

Have you tried the destination filename without the /, such as:

Destination filename [col-tccc1-sa-2a-confg]? network/tftpboot/col-tccc1-sa-2a-confg

glen.grant · ‎05-07-2014

Yes same issue and same error .

WILLIAM STEGMAN · ‎05-07-2014

Is your scp server a Linux box? If so, I've always had to create the empty file in the directory and give write permissions to it when writing to my Linux servers. And those permissions would need to be applied up the directory, tftpboot, network.

glen.grant · ‎05-07-2014

After looking at this further I think it is probably related to this bug . Covered a wide range of ios versions and it is pretty much the same thing as I am seeing . Unfortunetly their work around does not work on my boxes.

CSCsb62045

Symptom:
When attempting to scp files from a router, when connecting to some scp servers the following error is generated:

ROUTER#copy running-config scp://root@1.2.3.4://tmp/test
Address or name of remote host [1.2.3.4]?
Destination username [root]?
Destination filename [/tmp/test]?
Writing /tmp/test
Password:
Sink: C0644 693 /tmp/test
%scp: error: unexpected filename: /tmp/test

%Error writing scp://root@172.18.124.187//tmp/test (Permission denied)

Conditions:
The customer must be copying the files from the router using the scp method, and must specify the
remote filename

Workaround:
Do not specify the filename in the scp command. Simply specify the destination address, and let
the router prompt for the remainder of the information, as below:

ROUTER#copy running-config scp://root@1.2.3.4
Address or name of remote host [1.2.3.4]?
Destination username [root]?
Destination filename [router-config]?
Writing router-config
Password:
Sink: C0644 693 router-config
!
693 bytes copied in 5.288 secs (131 bytes/sec)
ROUTER#

Customer Visible

Zaaf Aba · ‎05-09-2019

Came across this post while searching for a solution. My scp is on Linux box, while using same command syntax (as suggested in the work around) I can not transfer file from all switches.

WS-C2960-24PC-L#copy running-config scp://MY_SCP_USERNAME@1.2.3.4
Address or name of remote host [1.2.3.4]?
Destination username [MY_SCP_USERNAME]?
Destination filename [WS-C2960-24PC-L-confg]?
Writing WS-C2960-24PC-L-confg
%Error writing scp://MY_SCP_USERNAME@1.2.3.4/WS-C2960-24PC-L-confg (Undefined error)
WS-C2960-24PC-L#

This switch is running
flash:/c2960-lanbasek9-mz.150-1.SE2/c2960-lanbasek9-mz.150-1.SE2.bin
WS-C2960-24PC-L

***

Another switch test
WS-C2960X-48FPS-L#copy running-config scp://MY_SCP_USERNAME@1.2.3.4
Address or name of remote host [1.2.3.4]?
Destination username [MY_SCP_USERNAME]?
Destination filename [WS-C2960X-48FPS-L-confg]?
Writing WS-C2960X-48FPS-L-confg

MOTD-THIS SYSTEM IS PROTECTED-

Password:
Sink: C0644 57103 WS-C2960X-48FPS-L-confg
!
57103 bytes copied in 7.057 secs (8092 bytes/sec)

WS-C2960X-48FPS-L#
flash:/c2960x-universalk9-mz.152-2.E8/c2960x-universalk9-mz.152-2.E8.bin
WS-C2960X-48FPS-L

So it indicates that the work around is not working for all firmwares

marwan moustafa Nour Eldin Sobhy · ‎11-12-2019

Hi Glen,

sometimes it happens due to encryption or integrity mismatch between SCP server and ASA

so you can support all cipher methods by the following 2 command (I face the same issue and TAC fixed bu those command)

ssh cipher encryption all

ssh cipher integrity all

johnnylingo · ‎02-15-2022

Old thread, but just came across this today. My advice is first configure ip ssh source-interface on the router, then attempt to SSH to the remote server from the the CLI, and check logs on the router. I saw this:

Feb 15 17:26:44.668 UTC: %SSH-3-AUTH_METH_ERR: Server does not support password or keyboard-interactive authentication

So on the Linux (Ubuntu 18) server, I needed to modify this line on /etc/ssh/sshd_config:

PasswordAuthentication yes

Followed by a restart the SSH server:

sudo service sshd restart

After that, I was able to copy files from the router to the SCP server:

#copy bootflash:sh_tech.txt scp://billybob@10.10.10.150:
Address or name of remote host [10.10.10.150]? 
Destination username [billybob]? 
Destination filename [sh_tech.txt]? 
Writing sh_tech.txt 
Password: 
Sink: C0644 1611426 sh_tech.txt
!!!!!!!
1611426 bytes copied in 14.621 secs (110213 bytes/sec)

bobmead61 · ‎07-26-2024

root@pnetlab:~# scp Nexus_Public_key admin@192.168.68.3:/bootflash/
User Access Verification
Password:
scp: /bootflash/bootflash/: Is a directory
root@pnetlab:~# scp Nexus_Public_key admin@192.168.68.3:bootflash
User Access Verification
Password:
Nexus_Public_key 100% 477 344.7KB/s 00:00

Had this error in my lab needed to remove the / for bootflash dir.