
The copy was from a Linux (RHEL 6) host also. All the users' home directories are under /home with the images, configs etc., in /app/tftpboot. Here's an ls from my home directory using the absolute path from root to a file called poap.py in that directory.
[[email protected] ~]$ ls -l /app/tftpboot/poap.py
-rw-r--r--. 1 nfsnobody nfsnobody 20048 May 27 16:05 /app/tftpboot/poap.py
[[email protected] ~]$
And here's the copy, first with the single slash and so failing, and secondly with a double slash and succeeding.
As long as you include the absolute path with a double slash it does seem to work.
Regards
Cisco Nexus 3000 Series NX-OS Fundamentals Configuration Guide, Release 7.x
Working with Archive Files
The Cisco NX-OS software supports archive files. You can create an archive file, append files to an existing archive file, extract files from an archive file, and list the files in an archive file.
Creating an Archive File
You can create an archive file and add files to it. You can specify the following compression types:
The default is gzip.
Procedure
Command or Action | Purpose |
---|---|
tar create {bootflash: | volatile:} [absolute] [bz2-compress] [gz-compress] [remove] [uncompressed] [verbose] | Creates an archive file and adds files to it. The filename is alphanumeric, not case sensitive, and has a maximum length of 240 characters. The absolute keyword specifies that the leading backslash characters (\) should not be removed from the names of the files added to the archive file. By default, the leading backslash characters are removed. The bz2-compress, gz-compress, and uncompressed keywords determine the compression utility used when files are added, or later appended, to the archive and the decompression utility to use when extracting the files. If you do not specify an extension for the archive file, the defaults are as follows:
The remove keyword specifies that the Cisco NX-OS software should delete the files from the file system after adding them to the archive. By default, the files are not deleted. The verbose keyword specifies that the Cisco NX-OS software should list the files as they are added to the archive. By default, the files are listed as they are added. |
Example
This example shows how to create a gzip compressed archive file:
Appending Files to an Archive File
You can append files to an existing archive file on your Cisco NX-OS device.
Before you begin
You have created an archive file on your Cisco NX-OS device.
Procedure
Command or Action | Purpose |
---|---|
tar append {bootflash: | volatile:} [absolute] [remove] [verbose] | Adds files to an existing archive file. The archive filename is not case sensitive. The absolute keyword specifies that the leading backslash characters (\) should not be removed from the names of the files added to the archive file. By default, the leading backslash characters are removed. The remove keyword specifies that the Cisco NX-OS software should delete the files from the filesystem after adding them to the archive. By default, the files are not deleted. The verbose keyword specifies that the Cisco NX-OS software should list the files as they are added to the archive. By default, the files are listed as they are added. |
Example
This example shows how to append a file to an existing archive file:
Extracting Files from an Archive File
You can extract files from an existing archive file on your Cisco NX-OS device.
Before you begin
You have created an archive file on your Cisco NX-OS device.
Procedure
Command or Action | Purpose |
---|---|
tar extract {bootflash: | volatile:} [keep-old] [screen] [to {bootflash: | volatile: |
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 7.x
This chapter describes how to configure Secure Shell Protocol (SSH) and Telnet on Cisco NX-OS devices.
This chapter includes the following sections:
About SSH and Telnet
This section includes information about SSH and Telnet.
SSH Server
You can use the SSH server to enable an SSH client to make a secure, encrypted connection to a Cisco NX-OS device. SSH uses strong encryption for authentication. The SSH server in the Cisco NX-OS software can interoperate with publicly and commercially available SSH clients.
The user authentication mechanisms supported for SSH are RADIUS, TACACS+, LDAP, and the use of locally stored usernames and passwords.
SSH Client
The SSH client feature is an application that runs over the SSH protocol to provide device authentication and encryption. The SSH client enables a Cisco NX-OS device to make a secure, encrypted connection to another Cisco NX-OS device or to any other device that runs the SSH server. This connection provides an outbound connection that is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.
The SSH client in the Cisco NX-OS software works with publicly and commercially available SSH servers.
SSH Server Keys
SSH requires server keys for secure communications to the Cisco NX-OS device. You can use SSH server keys for the following SSH options:
SSH version 2 using Rivest, Shamir, and Adelman (RSA) public-key cryptography
SSH version 2 using the Digital System Algorithm (DSA)
Be sure to have an SSH server key-pair with the appropriate version before enabling the SSH service. You can generate the SSH server key-pair according to the SSH client version used. The SSH service accepts the following types of key-pairs for use by SSH version 2:
The dsa option generates the DSA key-pair for the SSH version 2 protocol.
The rsa option generates the RSA key-pair for the SSH version 2 protocol.
By default, the Cisco NX-OS software generates an RSA key using 1024 bits.
SSH supports the following public key formats:
OpenSSH
IETF Secure Shell (SECSH)
Public Key Certificate in Privacy-Enhanced Mail (PEM)
Caution: If you delete all of the SSH keys, you cannot start the SSH services.
SSH Authentication Using Digital Certificates
SSH authentication on Cisco NX-OS devices provides X.509 digital certificate support for host authentication. An X.509 digital certificate is a data item that ensures the origin and integrity of a message. It contains encryption keys for secured communications and is signed by a trusted certification authority (CA) to verify the identity of the presenter. The X.509 digital certificate support provides either DSA or RSA algorithms for authentication.
The certificate infrastructure uses the first certificate that supports the Secure Socket Layer (SSL) and is returned by the security infrastructure, either through a query or a notification. Verification of certificates is successful if the certificates are from any of the trusted CAs configured and if not revoked or expired.
You can configure your device for SSH authentication using an X.509 certificate. If the authentication fails, you are prompted for a password.
Beginning with Cisco NX-OS Release 7.0(3)I5(1), you can configure SSH authentication using X.509v3 certificates (RFC 6187). X.509v3 certificate-based SSH authentication uses certificates combined with a smartcard to enable two-factor authentication for Cisco device access. The SSH client is provided by Cisco partner Pragma Systems.
Telnet Server
The Telnet protocol enables TCP/IP connections to a host. Telnet allows a user at one site to establish a TCP connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet can accept either an IP address or a domain name as the remote device address.
The Telnet server is disabled by default on the Cisco NX-OS device.
Licensing Requirements for SSH and Telnet
The following table shows the licensing requirements for this feature:
Product | License Requirement |
---|---|
Cisco NX-OS | SSH and Telnet require no license. Any feature not included in a license package is bundled with the nx-os image and is provided at no extra charge to you. For an explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide. |
Prerequisites for SSH and Telnet
Make sure that you have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface.
Guidelines and Limitations for SSH and Telnet
SSH and Telnet have the following configuration guidelines and limitations:
The Cisco NX-OS software supports only SSH version 2 (SSHv2).
Due to a Poodle vulnerability, SSLv3 is no longer supported.
Prior to Cisco NX-OS Release 7.0(3)I7(6), the no feature ssh command would disable port 22. For all later Cisco NX-OS releases, when you use the no feature ssh command, port 22 is not disabled and remains open, and a deny rule is pushed to deny all incoming external connections.
IPSG is not supported on the following:
The last six 40-Gb physical ports on the Cisco Nexus 9372PX, 9372TX, and 9332PQ switches
All 40G physical ports on the Cisco Nexus 9396PX, 9396TX, and 93128TX switches
You can configure your device for SSH authentication using an X.509 certificate. If the authentication fails, you are prompted for a password.
The SFTP server feature does not support the regular SFTP chown and chgrp commands.
When the SFTP server is enabled, only the admin user can use SFTP to access the device.
SSH public and private keys imported into user accounts that are remotely authenticated through a AAA protocol (such as RADIUS or TACACS+) for the purpose of SSH Passwordless File Copy will not persist when the Nexus device is reloaded unless a local user account with the same name as the remote user account is configured on the device before the SSH keys are imported.
SSH timeout period must be longer than the time of the tac-pac generation time. Otherwise, the VSH log might show %VSHD-2-VSHD_SYSLOG_EOL_ERR error. Ideally, set to 0 (infinity) before collecting tac-pac or showtech.
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for SSH and Telnet
This table lists the default settings for SSH and Telnet parameters.
Parameters | Default |
---|---|
SSH server | Enabled |
SSH server key | RSA key generated with 1024 bits |
RSA key bits for generation | 1024 |
Telnet server | Disabled |
Telnet port number | 23 |
Maximum number of SSH login attempts | 3 |
SCP server | Disabled |
SFTP server | Disabled |
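The defaults in this table mean that a device with no explicit `ssh key` line is running a 1024-bit RSA server key, so an audit has to treat a missing line as a finding. The following is an added example, not code from the Cisco guide: it overlays configuration lines on the table's defaults and reports weak settings. The sample configurations are constructed, the 2048-bit and 3-attempt thresholds are assumed local policy, and it is assumed that the commands appear in the configuration text in the form they are entered.

```python
import re

# Defaults from the "Default Settings for SSH and Telnet" table.
DEFAULTS = {"rsa_bits": 1024, "dsa_key": False, "login_attempts": 3,
            "telnet": False, "scp_server": False, "sftp_server": False}

MIN_RSA_BITS = 2048      # assumption: local policy; top of the documented 768-2048 range
MAX_LOGIN_ATTEMPTS = 3   # assumption: local policy; same as the documented default


def effective_settings(config_text):
    """Overlay configured lines on the documented defaults."""
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ssh key rsa(?: (\d+))?(?: force)?", line):
            # No size given means the documented default size is used.
            state["rsa_bits"] = int(m.group(1)) if m.group(1) else DEFAULTS["rsa_bits"]
        elif re.fullmatch(r"ssh key dsa(?: force)?", line):
            state["dsa_key"] = True
        elif m := re.fullmatch(r"ssh login-attempts (\d+)", line):
            state["login_attempts"] = int(m.group(1))
        elif m := re.fullmatch(r"(no )?feature (telnet|scp-server|sftp-server)", line):
            state[m.group(2).replace("-", "_")] = m.group(1) is None
    return state


def audit(config_text):
    """Return a list of (setting, message) findings for one device configuration."""
    s = effective_settings(config_text)
    findings = []
    if s["rsa_bits"] < MIN_RSA_BITS:
        findings.append(("rsa_bits", f"RSA server key is {s['rsa_bits']} bits"))
    if s["dsa_key"]:
        findings.append(("dsa_key", "DSA server key present (always 1024 bits)"))
    if s["login_attempts"] > MAX_LOGIN_ATTEMPTS:
        findings.append(("login_attempts",
                         f"{s['login_attempts']} SSH login attempts allowed"))
    if s["telnet"]:
        findings.append(("telnet", "Telnet server enabled (disabled by default)"))
    for name in ("scp_server", "sftp_server"):
        if s[name]:
            findings.append((name, f"{name} enabled (disabled by default)"))
    return findings


# Constructed sample configurations, not captured from a device.
WEAK_SAMPLE = """\
feature telnet
ssh login-attempts 10
feature scp-server
"""
HARDENED_SAMPLE = """\
ssh key rsa 2048
no feature telnet
ssh login-attempts 3
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit(text))
```

The weak sample never mentions `ssh key`, yet the RSA finding is still raised because the default applies.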
Configuring SSH
This section describes how to configure SSH.
Generating SSH Server Keys
You can generate an SSH server key based on your security requirements. The default SSH server key is an RSA key that is generated using 1024 bits.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | configure terminal Example: | Enters global configuration mode. |
Step 2 | no feature ssh Example: | Disables SSH. |
Step 3 | ssh key {dsa [force] | rsa [[force]]} Example: | Generates the SSH server key. The argument is the number of bits used to generate the RSA key. The range is from 768 to 2048. The default value is 1024. You cannot specify the size of the DSA key. It is always set to 1024 bits. Use the force keyword to replace an existing key. |
Step 4 | feature ssh Example: | Enables SSH. |
Step 5 | exit Example: | Exits global configuration mode. |
Step 6 | (Optional) show ssh key [dsa | rsa | ] [md5] Example: | (Optional) Displays the SSH server keys. For Cisco NX-OS Release 7.0(3)I4(6) and 7.0(3)I6(1) and later releases, this command displays the fingerprint in SHA256 format by default. SHA256 is more secure than the old default format of MD5. However, the md5 option has been added, if you want to see the fingerprint in MD5 format for backward compatibility. |
Step 7 | (Optional) copy running-config startup-config Example: | (Optional) Copies the running configuration to the startup configuration. |
Specifying the SSH Public Keys for User Accounts
You can configure an SSH public key to log in using an SSH client without being prompted for a password. You can specify the SSH public key in one of these formats:
OpenSSH format
IETF SECSH format
Specifying the SSH Public Keys in IETF SECSH Format
You can specify the SSH public keys in IETF SECSH format for user accounts.
Before you begin
Generate an SSH public key in IETF SECSH format.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | copybootflash: Example: | Downloads the file containing the SSH key in IETF SECSH format from a server. The server can be FTP, secure copy (SCP), secure FTP (SFTP), or TFTP. |
Step 2 | configure terminal Example: | Enters global configuration mode. |
Step 3 | usernamesshkey file bootflash: Example: | Configures the SSH public key in IETF SECSH format. |
Step 4 | exit Example: | Exits global configuration mode. |
Step 5 | (Optional) show user-account Example: | (Optional) Displays the user account configuration. |
Step 6 | (Optional) copy running-config startup-config Example: | (Optional) Copies the running configuration to the startup configuration. |
Specifying the SSH Public Keys in OpenSSH Format
You can specify the SSH public keys in OpenSSH format for user accounts.
Before you begin
Generate an SSH public key in OpenSSH format.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | configure terminal Example: | Enters global configuration mode. |
Step 2 | username sshkey Example: | Configures the SSH public key in OpenSSH format. |
Step 3 | exit Example: | Exits global configuration mode. |
Step 4 | (Optional) show user-account Example: | (Optional) Displays the user account configuration. |
Step 5 | (Optional) copy running-config startup-config Example: | (Optional) Copies the running configuration to the startup configuration. |
Configuring a Maximum Number of SSH Login Attempts
You can configure the maximum number of SSH login attempts. If the user exceeds the maximum number of permitted attempts, the session disconnects.
Note: The total number of login attempts includes attempts through public-key authentication, certificate-based authentication, and password-based authentication. If public-key authentication is enabled, it takes priority. If only certificate-based and password-based authentication are enabled, certificate-based authentication takes priority. If you exceed the configured number of login attempts through all of these methods, a message appears indicating that too many authentication failures have occurred.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | configure terminal Example: | Enters global configuration mode. |
Step 2 | ssh login-attempts Example: | Configures the maximum number of times that a user can attempt to log into an SSH session. The default maximum number of login attempts is 3. The range is from 1 to 10. |
Step 3 | (Optional) show running-config security all Example: | (Optional) Displays the configured maximum number of SSH login attempts. |
Step 4 | (Optional) copy running-config startup-config Example: | (Optional) Copies the running configuration to the startup configuration. |
Starting SSH Sessions
You can start SSH sessions using IPv4 or IPv6 to connect to remote devices from the Cisco NX-OS device.
Before you begin
Obtain the hostname for the remote device and, if needed, the username on the remote device.
Enable the SSH server on the remote device.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | ssh [@]{ | } [vrf] Example: | Creates an SSH IPv4 session to a remote device using IPv4. The default VRF is the default VRF. |
Step 2 | ssh6 [@]{ | } [vrf ] Example: | Creates an SSH IPv6 session to a remote device using IPv6. |
Starting SSH Sessions from Boot Mode
You can start SSH sessions from the boot mode of the Cisco NX-OS device to connect to remote devices.
Before you begin
Obtain the hostname for the remote device and, if needed, the username on the remote device.
Enable the SSH server on the remote device.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | ssh [@] Example: | Creates an SSH session to a remote device from the boot mode of the Cisco NX-OS device. The default VRF is always used. |
Step 2 | exit Example: | Exits boot mode. |
Step 3 | copy scp://[@]/ Example: | Copies a file from the Cisco NX-OS device to a remote device using the Secure Copy Protocol (SCP). The default VRF is always used. |
Configuring SSH Passwordless File Copy
You can copy files from a Cisco NX-OS device to a secure copy (SCP) or secure FTP (SFTP) server without a password. To do so, you must create an RSA or DSA identity that consists of public and private keys for authentication with SSH.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | configure terminal Example: | Enters global configuration mode. |
Step 2 | [no] username keypair generate {rsa [ [force]] | dsa [force]} Example: | Generates the SSH public and private keys and stores them in the home directory ($HOME/.ssh) of the Cisco NX-OS device for the specified user. The Cisco NX-OS device uses the keys to communicate with the SSH server on the remote machine. The argument is the number of bits used to generate the key. The range is from 768 to 2048. The default value is 1024. Use the force keyword to replace an existing key. The SSH keys are not generated if the force keyword is omitted and SSH keys are already present. |
Step 3 | (Optional) show username keypair Example: | (Optional) Displays the public key for the specified user. |
Step 4 | username keypair export {bootflash: | volatile:} {rsa | dsa} [force] Example: | Exports the public and private keys from the home directory of the Cisco NX-OS device to the specified bootflash or volatile directory. Use the force keyword to replace an existing key. The SSH keys are not exported if the force keyword is omitted and SSH keys are already present. To export the generated key pair, you are prompted to enter a passphrase that encrypts the private key. The private key is exported as the file that you specify, and the public key is exported with the same filename followed by a .pub extension. You can now copy this key pair to any Cisco NX-OS device and use SCP or SFTP to copy the public key file (*.pub) to the home directory of the server. |
Step 5 | username keypair import {bootflash: | volatile:} {rsa | dsa} [force] Example: | Imports the exported public and private keys from the specified bootflash or volatile directory to the home directory of the Cisco NX-OS device. Use the force keyword to replace an existing key. The SSH keys are not imported if the force keyword is omitted and SSH keys are already present. To import the generated key pair, you are prompted to enter a passphrase that decrypts the private key. The private key is imported as the file that you specify, and the public key is imported with the same filename followed by a .pub extension. |
What to do next
On the SCP or SFTP server, use the following command to append the public key stored in the *.pub file (for example, key_rsa.pub) to the authorized_keys file:
$ cat key_rsa.pub >> $HOME/.ssh/authorized_keys
You can now copy files from the Cisco NX-OS device to the server without a password using standard SSH and SCP commands.
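Because the keypair generate command accepts RSA sizes from 768 bits and defaults to 1024, the server side can inspect an exported *.pub file before trusting it. The following is an added example, not code from the Cisco guide: it parses one OpenSSH-format public key line, reports the key size and SHA256 fingerprint, and rejects DSA keys and short RSA keys. The 2048-bit floor is an assumed local policy, the function names are hypothetical, and the sample keys are constructed numbers of the right size rather than usable keys.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumption: local policy floor (top of the range the guide documents)


def pack_string(value):
    """Encode bytes as an RFC 4253 string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(value)) + value


def mpint(n):
    """Encode a positive integer as an SSH mpint (zero byte added if the top bit is set)."""
    return pack_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def read_string(blob, offset):
    """Read one length-prefixed field; return (data, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def inspect_pubkey(line):
    """Return (key_type, bits, sha256_fingerprint) for one line of a *.pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("type inside the blob does not match the declared type")
    bits = None
    if declared == "ssh-rsa":        # blob layout: type, e, n
        _, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    elif declared == "ssh-dss":      # blob layout: type, p, q, g, y
        p, _ = read_string(blob, off)
        bits = int.from_bytes(p, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return declared, bits, fingerprint


def check_before_append(line):
    """Decide whether a public key should be appended to authorized_keys."""
    key_type, bits, fingerprint = inspect_pubkey(line)
    if key_type == "ssh-dss":
        return False, "DSA key", fingerprint
    if key_type == "ssh-rsa" and bits < MIN_RSA_BITS:
        return False, f"RSA modulus is {bits} bits, below {MIN_RSA_BITS}", fingerprint
    return True, "ok", fingerprint


def constructed_rsa_line(bits):
    """Build a syntactically valid ssh-rsa line of a given size (not a usable key)."""
    n = (1 << (bits - 1)) | 1  # constructed odd number with exactly `bits` bits
    blob = pack_string(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"


if __name__ == "__main__":
    for size in (1024, 2048):
        print(size, check_before_append(constructed_rsa_line(size)))
```

The fingerprint it returns can be compared with the SHA256 fingerprint the device displays for the same key before the line is appended.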
Configuring SCP and SFTP Servers
You can configure an SCP or SFTP server on the Cisco NX-OS device in order to copy files to and from a remote device. After you enable the SCP or SFTP server, you can execute an SCP or SFTP command on the remote device to copy the files to or from the Cisco NX-OS device.
Note: The arcfour and blowfish cipher options are not supported for the SCP server.
Procedure
Command or Action | Purpose | |
---|---|---|
Step 1 | configure terminal Example: | Enters global configuration mode. |
Step 2 | [no] feature scp-server Example: | Enables or disables the SCP server on the Cisco NX-OS device. |
Step 3 | [no] feature sftp-server Example: | Enables or disables the SFTP server on the Cisco NX-OS device. |
Step 4 | exit Example: | Exits global configuration mode. |
Step 5 | (Optional) show running-config security Example: | (Optional) Displays the configuration status of the SCP and SFTP servers. |
Step 6 | (Optional) copy running-config startup-config Example: | (Optional) Copies the running configuration to the startup configuration. |
Configuring X.509v3 Certificate-Based SSH Authentication
You can configure SSH authentication using X.509v3 certificates.
Before you begin
Before Contacting Technical Support
Copying Files to or from Cisco NX-OS
You might need to move files to or from the device. These files may include the log, configuration, or firmware files.
Cisco NX-OS offers protocols to use for copying to or from the device. The device always acts as a client, so that an FTP, SCP, or TFTP session always originates from Cisco NX-OS and either pushes files to an external system or pulls files from an external system.
File Server: 172.22.36.10
File to be copied to the switch: /etc/hosts
The copy command supports the FTP, SCP, SFTP, and TFTP transfer protocols and many different sources for copying files.
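switch# copy ?
  bootflash:      Select source filesystem
  core:           Select source filesystem
  debug:          Select source filesystem
  ftp:            Select source filesystem
  http:           Select source filesystem
  https:          Select source filesystem
  licenses        Backup license files
  log:            Select source filesystem
  logflash:       Select source filesystem
  nvram:          Select source filesystem
  running-config  Copy running configuration to destination
  scp:            Select source filesystem
  sftp:           Select source filesystem
  startup-config  Copy startup configuration to destination
  system:         Select source filesystem
  tftp:           Select source filesystem
  usb1:           Select source filesystem
  usb2:           Select source filesystem
  volatile:       Select source filesystem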
You can use secure copy (SCP) as the transfer mechanism, as follows:
scp:[//[username@]server][/path]
This example copies /etc/hosts from 172.22.36.10 to hosts.txt, for user user1:
switch# copy scp://user1@172.22.36.10/etc/hosts bootflash:hosts.txt
user1@172.22.36.10's password:
hosts 100% |*****************************| 2035 00:00
This example backs up the startup configuration to an SFTP server:
switch# copy startup-config sftp://[email protected]/test/startup configuration.bak1
Connecting to 172.22.36.10...
[email protected]'s password:
switch#
Note: You should back up the startup configuration to a server on a daily basis and prior to any changes. You could write a short script to run on Cisco NX-OS to perform a save and then a backup of the configuration. The script needs to contain two commands: copy running-configuration startup-configuration and copy startup-configuration tftp://server/name. To execute the script, use the run-script filename command.
Cisco Nexus 9000 Series NX-OS Troubleshooting Guide, Release 7.x