2

I want to backup the running-config of all switches per SCP to a server.

Question 1: is this possible with kron? Is there a better way and why?

Question 2: how can I get the public key of the switch to auto-authentificate the user to the server?

Thank you very much.

Ueli
  • 121
  • 2
  • Trivial googling bringa up e.g. [this](http://glennmatthys.wordpress.com/2012/01/07/ssh-with-key-authentication-on-cisco-ios-devices/). – tripleee Jul 11 '13 at 08:36

2 Answers2

0

Answer to question 1:

Assuming you mean cron, yes it's possible, and without knowing more details about your environment it'll be impossible to guess whether there is a better way or not.

Answer to question 2: Sounds like you want the SSH/scp client to automatically accept the host key of the remote end.

The most secure way to do it would be to use scp -o StrictHostKeyChecking=accept-new ..., which will auto-accept host keys of previously-unseen remote hosts, but will stop and alert if it sees that a previously-known host key has been altered.

If you trust that the risk of man-in-the-middle attacks is low and want even more convenience (or if you have an old SSH implementation), you could use scp -o StrictHostKeyChecking=no ... which will accept all new and changed remote host keys automatically.

The default is equivalent to scp -o StrictHostKeyChecking=ask ....

telcoM
  • 87,318
  • 3
  • 112
  • 232
0

You can ssh to cisco IOS using public key. In Cisco device, using this command:

ip ssh key-chain

or

ip ssh pubkey-chain

depend on your IOS version.

You can simply creat a bash file, schedule it to run with cron.

Updated

Do you try generating ssh key from cisco device:

crypto key generate rsa

then copy public key generated to Linux server, and try to connect?

cuonglm
  • 150,973
  • 38
  • 327
  • 406
  • Thank you. But that's to auth to the cisco device, I need to auth from the device to a server – Ueli Jul 12 '13 at 09:10