
Scripted SCP login from Nexus 5k to Linux

lorenzobexer
Level 1

Hi,

We have the following problem. In order to back up the configuration of our switches, we made an alias 'save' which calls a script that saves the configuration and then sends a backup of the configuration via TFTP.

So far so good, but now I am trying to do the same thing using SCP in order to be more secure.

In the script, I try to do the following:

copy running-config scp://backup_user:password@x.x.x.x/filename

But unfortunately the copy command on the Nexus switches doesn't seem to take the password unless it's entered via the command line. (It works on Catalyst.)

OK, so I tried to install a public SSH key, so the login wouldn't need a password.

Next problem:

We authenticate against Active Directory, and when trying to install a key for my user, I get the following message:

# username my_user sshkey file bootflash:///my_pubkey.pub

user:my_user account is already created through remote authentication.

Please first delete that account using "no" option.

Any ideas regarding this? Is there any way to provide the password within the script or install a key for all users?

I know it's not ideal, but it's always better than TFTP.

Kind Regards,

Johannes

2 Replies

Hello Lorenz,

In which language have you written the script?

If you use bash, try the "expect" module to respond with the password when the switch prompts for it.

With SecureCRT and its scripting module:

crt.Screen.WaitForString "password:" , 1 & chr(13)

********************************************************************************************************************************************

SW-N5K1# copy running-config scp://usuario_scp:password_scp@1.1.1.1// vrf default

Enter destination filename: [SW-N5K1-running-config]

usuario_scp@1.1.1.1's password:

SW-N5K1-running-config                                                                                              100%   27KB  26.7KB/s   00:00

*********************************************************************************************************************************************

I have implemented this with a Red Hat server (native scp) and with WinSSHD 5.26 (Bitvise Tunnelier) on Windows 7; for the script I use SecureCRT with VBScript.

Regards
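
The prompt-answering approach suggested in the reply above, as an added example that is not part of the original posts or any Cisco-provided script: an expect script, run from a management host, that logs in to the switch and answers the two prompts shown in the session. The environment variable names, the exec-prompt pattern, and leaving the password out of the scp:// URL are assumptions.

```expect
#!/usr/bin/expect -f
# Added example; runs on a management host, not on the switch.
# Assumed: credentials arrive in these environment variables, never in the file.
foreach v {SWITCH_HOST SWITCH_USER SWITCH_PASS SCP_PASS} {
    if {![info exists env($v)]} { puts stderr "missing $v"; exit 2 }
}
set scp_target "scp://usuario_scp@1.1.1.1//"   ;# server from the session above
set prompt {#\s*$}                              ;# assumed exec prompt, e.g. "SW-N5K1# "
set timeout 30
log_user 0                                      ;# keep session output out of job logs

proc fail {msg} { puts stderr "backup failed: $msg"; exit 1 }

# Refuse unknown host keys instead of answering "yes" automatically.
spawn ssh -o StrictHostKeyChecking=yes $env(SWITCH_USER)@$env(SWITCH_HOST)
expect {
    -re {[Pp]assword:} { send -- "$env(SWITCH_PASS)\r" }
    timeout            { fail "no login prompt" }
    eof                { fail "ssh exited (host key or network problem)" }
}
expect {
    -re $prompt        {}
    -re {[Pp]assword:} { fail "switch login rejected" }
    timeout            { fail "no exec prompt" }
    eof                { fail "connection closed during login" }
}

send -- "copy running-config $scp_target vrf default\r"
set asked 0
set copied 0
expect {
    -re {Enter destination filename:} { send -- "\r"; exp_continue }
    -re {[Pp]assword:} {
        # A second prompt means the SCP password was rejected; do not loop.
        if {[incr asked] > 1} { fail "SCP password rejected" }
        send -- "$env(SCP_PASS)\r"; exp_continue
    }
    -re {100%}         { set copied 1; exp_continue }
    -re $prompt        {}
    timeout            { fail "copy timed out" }
    eof                { fail "connection closed during copy" }
}
if {!$copied} { fail "switch returned to prompt without completing the copy" }
send -- "exit\r"
expect eof
puts "backup copied"
```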

Hi Iker,

thanks for your answer, but the script is on the switch itself.

So every time we want to save the configuration, instead of "copy run sta", we just call our alias "save" on the switch, and it will save the configuration and back it up.

This is what our script looks like for tftp:

NEXUS-A# show file bootflash:///backup_config

copy running-config startup-config

copy running-config tftp://ip_of_tftp_server/$(SWITCHNAME)-$(TIMESTAMP) vrf MGMT

The advantage is that we get a backup of every saved configuration version, also there are no duplicate backups of the same configuration and we don't need to schedule anything from another server.

Works perfectly on Catalyst (but with a TCL script), but not on the Nexus, because it seems that you must enter the password manually, and you can't provide an SSH key for Active Directory users.

It's a pain that there are so many differences between Catalyst and Nexus. It seems that every time we solved something for the Catalyst switch, we have to find a whole new solution for the Nexus.
