[c-nsp] Hiding SCP Password Using Archive Feature
Tom Hill
tom at ninjabadger.net
Wed May 3 08:57:58 EDT 2023
On 2023-04-29 14:47, Richard Clayton via cisco-nsp wrote:
> Hi Guys
s/Guys/everyone/g
> archive
> path scp://
> user:password at 1.2.3.4/CUSTOMERS/CUSTOMER1/CUSTOMER-LONDON6-ETH1.cfg
> write-memory
> time-period 10080
>
> Because the password part of the SCP config is not an IOS recognised
> password I don't appear to be able to encrypt it. If that's the case
> is
> there a secure fudge, like somehow referencing a local username that
> does
> have password encryption.
I suspect what you're in need of here is pubkey-based authentication for
outbound SSH connections.
Most of the search hits on Google are 15,000 year old blog posts talking
about configuring VTYs for logins, so I can't locate the guidance
easily.
However, knowing what you're searching for is half the pain! There
should be support for configuring a private key for outbound SSH-based
comms (such as SCP) globally within the system, so hopefully the correct
documentation for your version of IOS should contain something of that
sort (it is most likely that it won't be included in the section
concerning 'archive').
If not, of course, it's a good thing to ask Cisco TAC. :)
Tom
More information about the cisco-nsp
mailing list