Configuring SSH File Transfer Protocol

Secure Shell (SSH) includes support for SSH File Transfer Protocol (SFTP), which is a new standard file transfer protocol introduced in SSHv2. This feature provides a secure and authenticated method for copying device configuration or device image files.

Prerequisites for SSH File Transfer Protocol

  • SSH must be enabled.

  • The ip ssh source-interface interface-type interface-number command must be configured.

Restrictions for SSH File Transfer Protocol

  • The SFTP server is not supported.

  • SFTP boot is not supported.

  • The sftp option in the install add command is not supported.

Information About SSH File Transfer Protocol

The SFTP client functionality is provided as part of the SSH component and is always enabled on the corresponding device. Therefore, any SFTP server user with the appropriate permission can copy files to and from the device.

An SFTP client is VRF-aware; you can configure the secure FTP client to use the virtual routing and forwarding (VRF) associated with a particular source interface during connection attempts.

How to Configure SSH File Transfer Protocol

The following sections provide information about the various tasks that comprise an SFTP configuration.

Configuring SFTP

Perform the following steps:

Before you begin

To configure a Cisco device for SFTP client-side functionality, the ip ssh source-interface interface-type interface-number command must be configured first.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip ssh source-interface interface-type interface-number
  4. exit
  5. show running-config
  6. debug ip sftp

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode. Enter your password, if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip ssh source-interface interface-type interface-number

Example:


Device(config)# ip ssh source-interface GigabitEthernet 1/0/1

Defines the source IP for the SSH session.

Step 4

exit

Example:


Device(config)# exit

Exits global configuration mode and returns to privileged EXEC mode.

Step 5

show running-config

Example:


Device# show running-config

(Optional) Displays the SFTP client-side functionality.

Step 6

debug ip sftp

Example:


Device# debug ip sftp

(Optional) Enables SFTP debugging.

Perform an SFTP Copy Operation

The SFTP copy operation accepts the IP address of the corresponding server, or its hostname if Domain Name System (DNS) is configured. To perform SFTP copy operations, use the following commands in privileged EXEC mode:

Command:

Device# copy ios-file-system:file sftp://user:pwd@server-ip//filepath

Or

Device# copy ios-file-system: sftp:

Purpose: Copies a file from the local Cisco IOS file system to the server. Specify the username, password, IP address, and filepath of the server.

Command:

Device# copy sftp://user:pwd@server-ip//filepath ios-file-system:file

Or

Device# copy sftp: ios-file-system:

Purpose: Copies the file from the server to the local Cisco IOS file system. Specify the username, password, IP address, and filepath of the server.
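The following Python script is an added example, not part of the original Cisco documentation. It checks a saved running configuration for the ip ssh source-interface prerequisite and flags copy commands in a captured session transcript that carry the password inline in the sftp://user:pwd@server-ip//filepath form, masking the password before reporting. It assumes that typed commands are available as text lines; the sample configuration, transcript lines, address, and function names are constructed for illustration.

```python
import re

# URL form shown on this page: sftp://user:pwd@server-ip//filepath
SFTP_URL = re.compile(
    r"sftp://(?:(?P<user>[^:@/\s]+)(?::(?P<pwd>[^@\s]*))?@)?"
    r"(?P<server>[^/\s]+)/(?P<path>\S*)")
SRC_IF = re.compile(r"^ip ssh source-interface[ \t]+(\S+(?:[ \t]+\S+)?)[ \t]*$", re.M)

# Constructed sample data (not taken from a real device).
SAMPLE_CONFIG = "hostname Device\nip ssh source-interface GigabitEthernet1/0/1\n"
SAMPLE_LINES = [
    "Device# copy flash:config.bak sftp://backup:Example-Pw1@192.0.2.10//srv/config.bak",
    "Device# copy sftp: flash:",
    "Device# show running-config",
]

def ssh_source_interface(running_config):
    """Return the interface set by 'ip ssh source-interface', or None."""
    m = SRC_IF.search(running_config)
    return " ".join(m.group(1).split()) if m else None

def parse_sftp_copy(line):
    """Parse a 'copy' command involving sftp; return None for anything else."""
    tokens = line.split()
    if "copy" in tokens:
        tokens = tokens[tokens.index("copy"):]        # drop a leading 'Device#' prompt
    if len(tokens) != 3 or tokens[0] != "copy" or "sftp:" not in (tokens[1][:5], tokens[2][:5]):
        return None
    idx = 2 if tokens[2].startswith("sftp:") else 1   # which argument is the remote side
    m = SFTP_URL.fullmatch(tokens[idx])               # None: prompted form 'sftp:'
    has_pwd = bool(m) and m.group("pwd") is not None
    if has_pwd:                                       # mask the password for reporting
        url = tokens[idx]
        tokens[idx] = url[:m.start("pwd")] + "****" + url[m.end("pwd"):]
    return {"direction": "upload" if idx == 2 else "download",
            "user": m.group("user") if m else None,
            "server": m.group("server") if m else None,
            "inline_password": has_pwd, "redacted": " ".join(tokens)}

def audit(running_config, command_lines):
    """Return findings for a missing prerequisite and inline SFTP passwords."""
    findings = []
    if ssh_source_interface(running_config) is None:
        findings.append("prerequisite missing: ip ssh source-interface")
    for info in filter(None, map(parse_sftp_copy, command_lines)):
        if info["inline_password"]:
            findings.append("inline password: " + info["redacted"])
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, SAMPLE_LINES)) or "no findings")
```

The prompted forms (copy ios-file-system: sftp: and copy sftp: ios-file-system:) produce no finding because no password appears on the command line.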

Example: Configuring SSH File Transfer Protocol

The following example shows how to configure the client-side functionality of SFTP:


Device> enable
Device# configure terminal
Device(config)# ip ssh source-interface gigabitethernet 1/0/1
Device(config)# exit

Additional References

Related Documents

Related Topic: Secure Shell Version 1 and 2 Support

Document Title: Configuring Secure Shell

Feature Information for SSH File Transfer Protocol

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1. Feature Information for SFTP

Feature Name: SSH File Transfer Protocol (SFTP)

Releases: Cisco IOS Release 15.2(7)E

Feature Information: SSH includes support for SFTP, a new standard file transfer protocol introduced in SSHv2.