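SCP (Secure Copy Protocol)
SCP uses authentication to secure the copying of configurations and images on Cisco devices; this security is based on SSH.
Before configuring SCP, SSH, authentication and authorization must be configured; the SSH and AAA mechanisms are what make it possible to verify that a user is legitimate.
1. Configure SSH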
Router(config)#hostname R1
R1(config)#ip domain name www.cisco.com
R1(config)#username ccie privilege 15 password cisco
R1(config)#crypto key generate rsa modulus 1024
R1(config)#crypto key generate rsa
The name for the keys will be: R1.www.cisco.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
R1(config)#line vty 0 4
R1(config-line)#transport input ssh
R1(config-line)#login local
R2#ssh -l ccie 12.1.1.1
Password: cisco
R1#
2. Configure AAA
R1(config)#aaa new-model
Enables AAA authentication.
R1(config)#aaa authentication login default local
Sets user login authentication to use the local database.
R1(config)#aaa authorization exec default local
Sets authorization to use the local user database.
R2#ssh -l ccie 12.1.1.1
Password: cisco
R1#
3. Configure SCP
R1(config)#ip scp server enable
Enables the SCP service.
4. Test
R2#show running-config | redirect flash:R2configuration
R2#dir
Directory of flash:/
1 -rw- 752 <no date> R2configuration
8388604 bytes total (8387788 bytes free)
R2#copy flash:R2configuration scp://ccie@12.1.1.1
Address or name of remote host [12.1.1.1]?
Destination username [ccie]?
Destination filename [R2configuration]?
Writing R2configuration
Password:
!
752 bytes copied in 1.856 secs (405 bytes/sec)
R1#dir
Directory of flash:/
1 -rw- 752 <no date> R2configuration
8388604 bytes total (8387788 bytes free)
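A check for the prerequisites from steps 1 to 3, run over a saved running-config; this is an added example, not part of the original page. The names SAMPLE_CONFIG, REQUIRED, vty_transports and audit are hypothetical, and the sample configuration is constructed from the commands shown above.

```python
import re

# Constructed sample: the lines steps 1-3 leave in R1's running-config.
SAMPLE_CONFIG = """\
hostname R1
aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip domain name www.cisco.com
username ccie privilege 15 password 0 cisco
ip scp server enable
line vty 0 4
 transport input ssh
"""

# Hypothetical rule table, one regex per prerequisite (the RSA key pair is not in the running-config).
REQUIRED = {
    "hostname": r"^hostname \S+",
    "domain name": r"^ip domain[ -]name \S+",
    "local user": r"^username \S+ ",
    "aaa new-model": r"^aaa new-model$",
    "aaa login authentication": r"^aaa authentication login \S+ ",
    "aaa exec authorization": r"^aaa authorization exec \S+ ",
    "scp server": r"^ip scp server enable$",
}

def vty_transports(config):
    """Map each 'line vty' block to the protocols its 'transport input' lists."""
    result, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line starts a new block
            current = line if line.startswith("line vty") else None
            if current:
                result[current] = []  # no 'transport input' seen yet
        elif current and line.split()[:2] == ["transport", "input"]:
            result[current] = line.split()[2:]
    return result

def audit(config):
    """Return findings; an empty list means every prerequisite is present."""
    findings = [f"missing: {name}" for name, pattern in REQUIRED.items()
                if not re.search(pattern, config, re.MULTILINE)]
    for vty, protos in vty_transports(config).items():
        if protos != ["ssh"]:
            findings.append(f"{vty}: transport input is {' '.join(protos) or 'unset'}, not ssh only")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "all SCP prerequisites present")
```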