03-27-2009 04:54 PM - edited 03-06-2019 04:52 AM
I have installed SSH to use as an encrypted method of logging onto my routers. It works. I also enabled the SCP server on the CLI: router(config)#ip scp server enable. (Be careful here because scp has a slight vulnerability where a user with a restricted view can still use it. This has been fixed in the latest, 20050325 releases.)
The thing is that the secure copy protocol is difficult to use. There is no information on either Cisco or other web sites on how to use it to back up configs.
I tried WinSCP and PuTTY pscp. Neither one seems to work as a server; in other words, you can't initiate SCP transfers from the router to the Windows box with these clients. All I manage to get is errors about sftp or ... when trying to initiate from the Windows box.
It may be that you need to use Cisco Works LMS to perform the copy. The SCP server service on the router is embedded and may not completely follow standards for the protocol, or ???
Any ideas?
03-27-2009 10:14 PM
How about you set up an SCP server on the PC, and then use the "copy" command to transfer the file from the router to it?
Yes, there might be certain compatibility issues between the router SCP server and those third-party SCP clients.
03-28-2009 08:26 AM
very easy as a,b,c:
a- ip domain-name cciesec.com
b- crypto key zeroize rsa
c- crypto key generate rsa -- choose 1024
d- username cciesec privilege 15 pass cisco
e- aaa new-model
f- aaa authentication login default local
g- aaa authorization exec default local
h- line vty 0 4
i- login authentication default
[Expert@NEO-labgw]# scp cciesec@192.168.15.201:running-config .
Password:
running-config 100% 4131 47.4KB/s 00:00
Connection to 192.168.15.201 closed by remote host.
[Expert@NEO-labgw]#
03-30-2009 09:54 AM
Easy for you.. A couple of questions. Why not use a 2048 key? Got the part about setting up the Cisco device,
a) create a domain name so that the crypto key generate will work,
b) zeroize the old rsa keys on the Cisco box.
c - i) set up the AAA for SSH and SCP.
The next part, what is going on with the following statement:
[Expert@NEO-labgw]# scp cciesec@192.168.15.201:running-config .
Password:
Are you entering the SCP service from the Cisco device and sending the running-config to the PC running some kind of SCP server?
Thanks.
03-30-2009 02:12 PM
Yes, PC is running CentOS Linux version 5.2.
Host "NEO-labgw" is a CentOS Linux box which has scp/sftp built-in by default
03-30-2009 02:19 PM
Thanks. I was hoping for a Windows solution. It is good to know that you can PULL a running config from a Linux box. It looks like the Cisco SCP service on the Cisco box can look like an SCP client to CentOS Linux. thx
03-30-2009 03:47 PM
My solution also works on Windows, if you use pscp.exe. One thing to keep in mind is that if you use "pscp.exe" for scp, you need to use the "-scp" option, like this:
C:\temp>pscp.exe -scp cciesec@192.168.15.201:running-config .
Using keyboard-interactive authentication.
Password:
running-config | 4 kB | 4.0 kB/s | ETA: 00:00:00 | 100%
C:\temp>
Again, easy right?
03-30-2009 04:27 PM
Still no go.
C:\PuTTY>pscp -scp -v Bruce@192.168.1.1:running-config
Where 192.168.1.1 is the cisco device.
I get the usage info when trying to do it.
C:\PuTTY>pscp -scp -v Bruce@192.168.1.1:running-config
PuTTY Secure Copy client
Release 0.60
Usage: pscp [options] [user@]host:source target
pscp [options] source [source...] [user@]host:target
pscp [options] -ls [user@]host:filespec
Options:
-V print version information and exit
-pgpfp print PGP key fingerprints and exit
-p preserve file attributes
-q quiet, don't show statistics
-r copy directories recursively
-v show verbose messages
-load sessname Load settings from saved session
-P port connect to specified port
-l user connect with specified username
-pw passw login with specified password
-1 -2 force use of particular SSH protocol version
-4 -6 force use of IPv4 or IPv6
-C enable compression
-i key private key file for authentication
-noagent disable use of Pageant
-agent enable use of Pageant
-batch disable all interactive prompts
-unsafe allow server-side wildcards (DANGEROUS)
-sftp force use of SFTP protocol
-scp force use of SCP protocol
I had debug enabled on the device but nothing showed up. My guess is that the command never ran on the Windows box.
03-30-2009 06:46 PM
This is a helpful page on the use of putty:
http://the.earth.li/~sgtatham/putty/0.60/puttydoc.txt
I am getting closer though. I got the following error from putty:
C:\PuTTY>pscp -scp Bruce@192.168.1.1:running-config c:\putty
Bruce@192.168.1.1's password:
Privilege denied.
This also was verified with some debug on the network device. I am set to AAA with 15 privilege. I guess something else is needed for the SCP part..
03-15-2014 03:47 AM
I know this post is 5 years old, but found it as I ran into the same issue.
For me pscp works now with an ASR1006
C:\PuTTY>pscp -scp -v Bruce@192.168.1.1:running-config .
You forgot the "dot" at the end of your command (cisco24x7 has it in his post). It is essential, as this is the target.
This helped a bit regarding pscp.
But as you pointed out
C:\PuTTY>pscp -scp Bruce@192.168.1.1:running-config c:\putty
did not work either, I assume there was an additional issue with the SCP server config on your router.
Did you solve this in the end?
02-16-2016 10:05 AM
I know this is an old post, but this method doesn't seem to currently work. ASA version 9.2(4). It looks like the ASA is looking for "running-config" from the flash: or disk0:. In order to get the running-config you need to call out the "system:" directory first. This command works for me from a bash command prompt:
scp user@192.168.0.1:system://running-config .
or
scp user@192.168.0.1:system://running-config newfilename.cfg
03-03-2021 04:44 AM - edited 03-03-2021 05:09 AM
I verified that this works under recent versions of ASA
config t
ssh scopy enable
username foo password secret privilege 15
username foo attributes
ssh authentication publickey {paste public key here}
end
Then the following works:
scp foo@test-asa:system://running-config running-config
scp foo@test-asa:startup-config startup-config
--sk
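The pull-style backup shown in the posts above, wrapped as a script (an added example, not code from any poster or from Cisco): it picks `running-config` for IOS or `system://running-config` for ASA as described in this thread, requires key authentication and an already-known host key, and writes the file with owner-only permissions. The function names, the `config-backups` directory and the `SCP_LEGACY` variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pull a device's running-config over SCP into a private,
# timestamped backup file. User, host and directory values are placeholders.

# Map a platform label to the remote path used in this thread:
# IOS routers serve "running-config"; ASA needs "system://running-config".
remote_path() {
  case "$1" in
    ios) printf '%s\n' 'running-config' ;;
    asa) printf '%s\n' 'system://running-config' ;;
    *)   echo "unknown platform: $1" >&2; return 1 ;;
  esac
}

# Build the local file name: <dir>/<host>_<UTC timestamp>.cfg
# Hosts are limited to letters, digits, dot, underscore and hyphen so the
# resulting name cannot escape the backup directory.
local_path() {
  local dir=$1 host=$2 stamp=$3
  case "$host" in
    ''|*[!A-Za-z0-9._-]*) echo "bad host: $host" >&2; return 1 ;;
  esac
  printf '%s/%s_%s.cfg\n' "$dir" "$host" "$stamp"
}

# backup_config <platform> <user> <host> [dir]
backup_config() {
  local platform=$1 user=$2 host=$3 dir=${4:-./config-backups}
  local src dst
  src=$(remote_path "$platform") || return 1
  dst=$(local_path "$dir" "$host" "$(date -u +%Y%m%dT%H%M%SZ)") || return 1
  umask 077                      # configs hold password hashes and keys
  mkdir -p "$dir"
  # BatchMode: key auth only, never prompt. StrictHostKeyChecking=yes:
  # refuse devices whose host key is not already in known_hosts.
  # SCP_LEGACY=1 adds -O (legacy SCP protocol), assuming an OpenSSH client
  # that defaults to SFTP, which the device's SCP server may not speak.
  scp ${SCP_LEGACY:+-O} -o BatchMode=yes -o StrictHostKeyChecking=yes \
      "${user}@${host}:${src}" "$dst" || { rm -f "$dst"; return 1; }
  [ -s "$dst" ] || { echo "empty backup: $dst" >&2; rm -f "$dst"; return 1; }
  printf '%s\n' "$dst"
}

# Run only when arguments are given, e.g.: ./backup.sh asa foo test-asa
if [ "$#" -gt 0 ]; then
  backup_config "$@"
fi
```

Connect to each device once interactively first so its host key is recorded and can be verified; after that the script fails closed if the key changes.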
03-29-2021 01:15 PM
Yes. And now he can use Ubuntu inside Windows 10.
08-28-2023 05:56 AM - edited 08-28-2023 06:28 AM
This post is old, but it's about an issue I have. I wanted to copy the configuration file from the switch to my PC using scp.
I ran into different errors but finally found a solution and made it work.
I've used OpenSSH for Windows (you can install it through optional features: Settings => Application => Optional features => search "openssh" and install the client and server). After the installation, you have three different folders where the configuration of the SSH server takes place:
C:\WINDOWS\System32\OpenSSH => default configuration with executables
C:\ProgramData\ssh => used for connection and keys
C:\Users\<username>\.ssh => user's saved sessions
To get the server starting with your machine, use Win+R and "services.msc". Look for "openssh". There will be the authentication, and the server. Double-click on them, start them and make them start with your machine.
Because the SSH server has to listen on port 22, you have to allow it in your Microsoft firewall (or physical firewall, depending on what you're using).
Next, we have to configure the SSH server:
You should have a result showing the generated keys with their respective algorithms (DSA, ECDSA, ED25519, RSA...)
/!\ Every time you're modifying the config files, go to services.msc and restart both of the services listed above /!\ (permit ssh to reload the new configuration and use it)
After doing so, everything worked and the files were copied using scp. You may encounter different errors with the permissions that can be solved by changing the rights on each folder.
Hope this will help someone, one day.
windows ssh client: how to fix "no matching cipher found" - Super User