[c-nsp] SCP router-to-router work?

Peter Rathlev peter at rathlev.dk
Tue Jan 8 14:56:29 EST 2008 

On Tue, 2008-01-08 at 09:47 -0800, Raymond, Steven wrote:
> So I can easily scp an image from my workstation onto a router.  But I
> cannot seem to scp IOS files between routers (sup720s, SRB2 code).  Am
> 99% certain I did so in the past, but no amount of monkeying could get
> it to work recently.  Failure indication varies (it happens
> immediately), but it usually reports permission denied or file not
> found.  The target media was either disk0: or sup-bootdisk: .  Tried all
> manner of path permutations.  

I always get the same error on 7600/SRB, see below.

> Has anyone got a working CLI example that works?

On Tue, 2008-01-08 at 14:28 -0500, Luan Nguyen wrote:
> Say you want to scp ios from router 1 onto router 2 disk2:
> 
> on router 2 set up
> aaa new-model
> aaa authentication login default local
> aaa authorization exec default local
> username steve priviledge 15 password steve
> 
> then on router 1 where you have the ios:
> copy disk2:iosimage.bin scp://steve@router1
> 
> -lmn

What Luan writes here is the most plain configuration (except it's
"privilege" instead of "priviledge" ;-), and it works fine for me except
when the sending side is on of our 7600's running SRB (still SRB1
though).

The sending side constantly gives an "Authorization denied". Here I try
copying from R2 to R1, R1 initiates the connection:

R2#sh ver | incl IOS
Cisco IOS Software, c7600s72033_rp Software
(c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB1, RELEASE
SOFTWARE (fc3)
R2#sh run | incl (aaa|scp|username)
username test secret 5 <excluded>
aaa new-model
aaa authentication login default local
aaa authorization exec default local 
aaa session-id common
ip scp server enable
R2#sh deb
General OS:
  AAA Authentication debugging is on
  AAA Authorization debugging is on
  AAA Administrative debugging is on
  AAA Subsystem debugs debugging is on
  AAA method list state change and notification debugs debugging is on
SSH:
  Incoming SCP debugging is on
R2#
R2#dir sup-bootdisk:
Directory of sup-bootdisk:/

    2  -rw-    33554432  Sep 14 2007 16:03:02 +02:00  sea_log.dat
    3  -rw-       15317  Nov 17 2007 09:37:42 +01:00  TestFile
    1  -rw-   110884868  Sep 14 2007 13:58:24 +02:00
c7600s72033-advipservicesk9-mz.122-33.SRB1.bin

512024576 bytes total (367566848 bytes free)
R2#

! (then on R1)

R1#sh ver | incl IOS
Cisco IOS Software, c7600s72033_rp Software
(c7600s72033_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRB1, RELEASE
SOFTWARE (fc3)
R1#copy scp://test@10.83.200.4/TestFile sup-bootdisk:TestFile
Destination filename [TestFile]? 

Password: 

%Error opening scp://test@10.83.200.4/TestFile (No such file or
directory)
R1#

! (debug output on R2:)

*Jan  8 20:37:53.859 GMT: AAA/BIND(0000005A): Bind i/f  
*Jan  8 20:37:53.859 GMT: AAA/AUTHEN/LOGIN (0000005A): Pick method list
'default' 
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): process authen req
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): Authen method=LOCAL 
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): protocol reply GET_PASSWORD
for Authentication
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): Return Authentication
status=GET_PASSWORD
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): process authen req
*Jan  8 20:37:53.859 GMT: AAA SRV(0000005A): Authen method=LOCAL 
*Jan  8 20:37:53.863 GMT: AAA SRV(0000005A): protocol reply PASS for
Authentication
*Jan  8 20:37:53.863 GMT: AAA SRV(0000005A): Return Authentication
status=PASS
*Jan  8 20:37:53.867 GMT: AAA/AUTHOR (0x5A): Pick method list 'default'
*Jan  8 20:37:53.867 GMT: AAA SRV(0000005A): process author req
*Jan  8 20:37:53.867 GMT: AAA SRV(0000005A): Author method=LOCAL 
*Jan  8 20:37:53.867 GMT: AAA SRV(0000005A): protocol reply PASS for
Authorization
*Jan  8 20:37:53.867 GMT: AAA SRV(0000005A): Return Authorization
status=PASS
*Jan  8 20:37:53.867 GMT: AAA/AUTHOR/EXEC(0000005A): processing AV cmd=
*Jan  8 20:37:53.867 GMT: AAA/AUTHOR/EXEC(0000005A): Authorization
successful
*Jan  8 20:37:53.867 GMT: AAA/AUTHOR (0000005A): Method list id=0 not
configured. Skip author
*Jan  8 20:37:53.871 GMT: SCP: [22 -> 10.83.192.13:1023] send
Authorization denied.

I have no problems logging in w/ SSH. And the problems are the same when
copying from a a Linux shell.

Maybe SRB is just being stupid. :-)

Regards,
Peter

More information about the cisco-nsp mailing list