Uploading of IOS to cisco 3850 via winscp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2017 06:02 PM - edited 03-08-2019 01:15 PM
Hi all,
I have tried accessing my cisco 3850 switch via winscp but was not able to list the directory. My authentication works fine but it just doesn't show the directory listing on my winscp. Objective is to upload IOS to my cisco 3850. Pls advise. TIA!
- Labels:
-
Other Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2017 06:05 PM
To add on, my environment works on a tight security policy and uploading of IOS over network has to be secured and hence we are exploring uploading via winscp as an option. Using TFTP for upload is not an option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-29-2017 06:40 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 09:48 AM
I ended up using pscp. I tried using scp but I found that it would not accept my keyboard input when I tried to enter in my password.
In using pscp be sure to specify the correct protocol. Initially I got bombed - it would take my PW but then immediately drop. I re-ran it using "-v" to see the messages and found that pscp uses SFTP by default. This worked:
pscp -scp C:\<fully qualified path and filename on my PC> <my_router_login_ID>@<router_DNS_name>:<filename>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 09:58 AM
It may not work with cisco 3850 due to shell compatibility issues. Better to use SCP via the command line:
scp [source-file-path] [username]@[switch-ip]:[destination-file-path]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2025 11:38 AM
In order to be able to copy something via scp to your switch, you should enable the scp server first from global configuration mode:
ip scp server enable
HTH
*** Please Rate All Helpful Responses ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-05-2025 12:13 PM - edited 03-05-2025 12:14 PM
I actually DO have that statement in my config. But using scp from my PC's command line still failed. It connected to the server, but for some reason would not accept keyboard input. It's a C8300 running IOS-XE 17.12.01a. Whereas using pscp (from PuTTY) did accept keyboard input (i.e., my password).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-05-2025 01:04 PM
You need to consider a few things when copying files to the router using scp:
1. make sure the username defined on the router has enough privileges; mine is defined like username liviu privilege 15 secret <pwd>
2. enable transport input ssh on your vty lines
3. enable login local on your vty lines; if using aaa new-model, you will have to define proper authorization commands
I configured a Cisco 8000v in the lab like detailed above and it works:
liviu@ftpsrv01:~$ scp evotech.pem liviu@172.25.25.158:evotech.pem
Password:
evotech.pem 100% 1679 524.5KB/s 00:00
And the output from the router where I enabled debug ip scp
*Mar 5 20:54:17.790: %SSH-5-SSH2_SESSION: SSH2 Session request from 172.25.25.206 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' Succeeded
*Mar 5 20:54:24.053: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: liviu] [Source: 172.25.25.206] [localport: 22] at 20:54:24 UTC Wed Mar 5 2025
*Mar 5 20:54:24.053: %SSH-5-SSH2_USERAUTH: User 'liviu' authentication for SSH2 Session from 172.25.25.206 (tty = 0) using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' Succeeded
*Mar 5 20:54:24.056: SCP: Path received evotech.pem
*Mar 5 20:54:24.056: SCP: Sanitized Path evotech.pem
*Mar 5 20:54:24.057: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.058: SCP: [22 <- 172.25.25.206:45432] recv C0400 1679 evotech.pem
*Mar 5 20:54:24.058: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.058: SCP: receive file size - 1679 chunk - 65536
*Mar 5 20:54:24.061: SCP: [22 <- 172.25.25.206:45432] recv 1679 bytes
*Mar 5 20:54:24.061: SCP: [22 <- 172.25.25.206:45432] recv <OK>
*Mar 5 20:54:24.061: SCP: [22 -> 172.25.25.206:45432] send <OK>
*Mar 5 20:54:24.062: SCP: [22 <- 172.25.25.206:45432] recv <EOF>
*Mar 5 20:54:24.068: %SSH-5-SSH2_CLOSE: SSH2 Session from 172.25.25.206 (tty = 0) for user '' using crypto cipher 'aes256-ctr', hmac 'hmac-sha2-256-etm@openssh.com' closed
c8000v#dir | i evotech
81 -rw- 1679 Mar 5 2025 20:54:24 +00:00 evotech.pem
c8000v#
*** Please Rate All Helpful Responses ***
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-05-2025 03:18 PM
I'm good on steps 1 and 2 - step 3 is what's missing from the config. But then why does it work using pscp and not scp?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-05-2025 03:46 PM - edited 03-05-2025 11:32 PM
Are you using public key authentication with PSCP?
SCP needs to "ssh" into the router first and you need steps 1-3 mentioned above in order to enable the user to do this.
I'm not sure how PSCP works, never used it.
*** Please Rate All Helpful Responses ***
