PaulDotCom mailing list archives

Re: using an alternate port with Cisco's secure copy (scp)


From: Cody Dumont <CDumont () nwnit com>
Date: Sat, 14 Aug 2010 10:45:51 -0400

Here is the config to change the SSH port, thereby changing the SCP port...

The lab build is two routers back to back using GNS3, running 2691 - Cisco IOS Software, 2600 Software 
(C2691-ADVIPSERVICESK9-M), Version 12.4(15)T8, RELEASE SOFTWARE (fc3)

r1 = SCP server
r2 = SCP client


#############  change the host name and enter a domain name
hostname r1
ip domain name name.com

#############  Generate the RSA key
crypto key generate rsa

#############  setup a user name for login
username cisco privilege 15 password 0 cisco

#############  change the SSH port and assign a rotary group
#############  The rotary group is mostly used for Async ports, but can also be used with VTY ports.
ip ssh port 2200 rotary 1
ip ssh version 1

#############  define an IP address
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0

#############  enable the SCP service on the router
ip scp server enable

#############  modify the VTY config to be a member of the rotary group and allow ssh transport
line vty 0 5
 login local
 rotary 1
 transport input ssh


#############  from "r2" test the SSH login

r2#ssh -l cisco -p 2200 192.168.1.1
Password: <enter cisco for the password>
r1#exit  <-------- close connection
[Connection to 192.168.1.1 closed by foreign host]
r2#

#############  Now try the SCP...

r2#copy startup-config scp://192.168.1.1:2200/new.txt    <------------  note the port....
Address or name of remote host [192.168.1.1]?   <----------  note there is no port..that is ok....
Destination username [r2]? cisco
Destination filename [new.txt]?
Writing new.txt
Password: <enter cisco for the password>
!
723 bytes copied in 10.832 secs (67 bytes/sec)
r2#

#############  now verify the copy on the "r1" router
r1#dir
Directory of flash:/

    1  -rw-         723                    <no date>  new.txt

16777212 bytes total (16776424 bytes free)
r1#


Done.....I hope this helps....


Cody B Dumont

CISSP, CCSP, CCIP, CCNP, RSA enVision CSE, MCSE, CNE
NWN STAR  - Senior Security Consultant
603.785.2665 mobile | cdumont () nwnit com

STAR - Proactive, cost-effective security with a business focus - going from good to great!

NWN Security Blog - http://nwnsecurity.blogspot.com
NWN Security Twitter - http://www.twitter.com/nwnsecurity
Facebook Profile - http://www.facebook.com/kevinbfiscus
NWN STAR Facebook Page - http://www.facebook.com/NWNSTAR





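Added example, not part of the original message and not Cisco tooling: a small Python check for a saved copy of the r1 configuration shown above. It confirms that the rotary group named on `ip ssh port` is joined by a vty line and that the vty lines accept only SSH, and it flags the two lab shortcuts in the post, `ip ssh version 1` and the type 0 (cleartext) password. The function names and the sample config string are constructed for illustration.

```python
import re

# Constructed sample: the r1 settings from the post, as they would sit in a saved config.
SAMPLE_R1 = """\
hostname r1
username cisco privilege 15 password 0 cisco
ip ssh port 2200 rotary 1
ip ssh version 1
ip scp server enable
line vty 0 5
 login local
 rotary 1
 transport input ssh
"""

def parse(config):
    """Split a config into global commands and {vty header: [sub-commands]}."""
    globals_, vty, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0] != " ":  # unindented: a global command or the start of a block
            current = raw.strip() if raw.startswith("line vty") else None
            if current:
                vty[current] = []
            else:
                globals_.append(raw.strip())
        elif current:      # indented line inside a "line vty" block
            vty[current].append(raw.strip())
    return globals_, vty

def audit(config):
    """Return sorted findings for the SSH/SCP settings (hypothetical helper)."""
    globals_, vty = parse(config)
    findings, ports, used = [], {}, set()
    for g in globals_:
        m = re.fullmatch(r"ip ssh port (\d+) rotary (\d+)", g)
        if m:
            ports[m.group(2)] = m.group(1)  # rotary group -> TCP port
        if g == "ip ssh version 1":
            findings.append("ssh-v1: server restricted to SSH protocol version 1")
        if re.match(r"username \S+ .*password 0 ", g):
            findings.append("cleartext-password: " + g.split()[1])
    for header, cmds in vty.items():
        used.update(c.split()[1] for c in cmds if re.fullmatch(r"rotary \d+", c))
        if [c for c in cmds if c.startswith("transport input")] != ["transport input ssh"]:
            findings.append("transport: %s is not ssh-only" % header)
    findings += ["rotary: port %s uses rotary %s, which no vty line joins" % (p, g)
                 for g, p in ports.items() if g not in used]
    return sorted(findings)
```

Calling `audit(SAMPLE_R1)` reports the SSH version 1 restriction and the cleartext password for user cisco; the rotary and transport checks pass because `line vty 0 5` carries both `rotary 1` and `transport input ssh`.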
