Secure Copy

Question

I've been working with the new SFTP/SCP server as we need it to copy IOS images to switches in our DMZ. I know what you're thinking: you don't need a secure protocol to copy IOS images as they are binary files that can be sniffed all day long with no security implications. Suffice it to say that for scanning/audit reasons TFTP in our DMZ is impossible for us.

So here's the thing. The IOS command copy tftp flash: requires an external TFTP server and the one provided by SolarWinds works like a champ. However, the similar IOS command copy scp flash: invokes the native SCP server on the switch. While I can copy files using Cisco's SCP server among Cisco switches, what we need to do is use SolarWinds SCP server to copy files from our Windows NPM server to an IOS switch.

Ideas? Thanks in advance.

BrentPapworth · Accepted Answer

OK, so I eventually figured it out. I have a port conflict. SCP uses port 22; on our NCM server, we've installed VanDyke Software VShell SSH2/SFTP, which also uses port 22. Once I stopped the VShell service, SolarWinds SCP worked like a charm.

Building on my previous post, the IOS command copy SCP: Flash: apparently has the intelligence to use remote SCP if it exists, then the switch-based SCP server if remote SCP services are unavailable.