ElKono

Cisco… what else…

Daily Backup from Cisco Router Configuration with SCP (Secure Copy)

hi,

today I'll show you how to set up a “secure” automatic backup of your router configuration… let’s go! I did it with a Windows Server 2003 machine as the backup server; you can also try it with a Linux box 😉

Note: the username and password are stored in cleartext in the config.

Download & install OpenSSH for Windows (http://sshwindows.sourceforge.net)

  • Install with the default settings
  • Open services.msc -> start the OpenSSH server

Create a local user:

  • User: cisco
  • Pass: secure
    • Add the user to the local ADMINISTRATOR group (otherwise you cannot connect)

Open cmd

  • cd "\Program Files\OpenSSH\bin\"
  • mkgroup -l >> ..\etc\group
  • mkpasswd -l >> ..\etc\passwd
    • these two commands create the local group & user files

Open regedit

  • HKEY_LOCAL_MACHINE\Software\Cygnus Solutions\Cygwin\mounts v2/home2
    • Change the value “native” from “C:\Documents and Settings” to your backup drive, e.g. “e:\”
    • Now you can change the home path in the passwd file from “/home/cisco” to “/”

Open services.msc and start the “OpenSSH” service

Now test with PuTTY whether you can connect to this SSH server

  • 127.0.0.1 port 22
  • User: cisco
  • Pass: secure

Now we have to configure the router so that it does the backup automatically.

Variables:

  • $h = hostname
  • $t = time (does not work well; better to leave it out)

Path: the path the backup is saved to
Write-memory: when you save manually, the router also saves via SCP
Time-period: 1440 minutes -> daily backup | 10080 minutes -> weekly backup

Connect to the router via SSH and execute the following commands:

router# conf t
router(config)# archive
router(config-archive)# path scp://cisco:secure@10.10.10.10//cygdrive/e/backup/network/switch/$h/$t-$h
router(config-archive)# write-memory
router(config-archive)# time-period 1440
router(config-archive)# exit
router(config)# exit
router# write memory

You are done!

Every time you do a write memory, it will also save via SCP!

[best regs]
elkono
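
Added example (not part of the original post and not Cisco tooling): the archive path above stores the password of the backup account, a local administrator on the backup server, in cleartext, so a saved or exported config is worth checking before it is shared. This Python script finds archive path URLs with embedded credentials and returns a redacted copy of the line; the helper name audit_archive and the sample config are constructed for illustration.

```python
import re

# URL with credentials before the host, e.g. scp://user:password@host/path
CRED_URL = re.compile(
    r"(?P<scheme>[a-z]+)://(?P<user>[^:/@\s]+):(?P<pw>[^@/\s]+)@(?P<rest>\S+)", re.I)

# Constructed sample, modelled on the archive commands in the post.
SAMPLE_CONFIG = """\
hostname router
!
archive
 path scp://cisco:secure@10.10.10.10//cygdrive/e/backup/network/switch/$h/$t-$h
 write-memory
 time-period 1440
!
ip ssh version 2
"""

def audit_archive(config_text):
    """Return one finding per 'path' line in the 'archive' block whose URL
    carries a username and password (audit_archive is a hypothetical helper)."""
    findings, in_archive = [], False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if not raw.startswith(" "):
            # Top-level line: either opens the archive block or ends it.
            in_archive = raw.strip() == "archive"
            continue
        line = raw.strip()
        if not (in_archive and line.startswith("path ")):
            continue
        m = CRED_URL.search(line)
        if m:
            findings.append({
                "line": lineno,
                "scheme": m["scheme"].lower(),
                "user": m["user"],
                # Keep the user and target, drop the password.
                "redacted": CRED_URL.sub(
                    r"\g<scheme>://\g<user>:<redacted>@\g<rest>", line),
            })
    return findings

if __name__ == "__main__":
    for f in audit_archive(SAMPLE_CONFIG):
        print(f"line {f['line']}: cleartext {f['scheme']} password for user "
              f"{f['user']!r} -> {f['redacted']}")
```
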


5 responses to “Daily Backup from Cisco Router Configuration with SCP (Secure Copy)”

  1. Khandesha Kothale March 7, 2013 at 15:28

    In the archive path command the username and password are still showing in plain text, which is not good for security; anyone can see that username and password, which can be used to log in to the SCP server. The password should be encrypted.

    Khandesha

    • elkono March 27, 2013 at 19:01

      Hi Khandesha,

      You are right. I put a note in my blog!

      thx elkono

      • Selvam August 20, 2013 at 13:09

        Hi,

        I am getting an error. Please help me to fix it.
        “native” from “C:\Documents and Settings” to your Backup Drive i.e. “c:\backup”

        %Error writing scp://*****:*****@10.85.10.XX//cygdrive/c/backup/network/switch/routername/Aug-20-05:54:11-CDT-routername (Protocol error)

        thanks,
        Selvam

      • Red December 17, 2014 at 22:51

        Doesn’t Cisco support RSA passwordless connectivity?

  2. Alberto April 4, 2014 at 06:16

    Is it possible to encrypt the username and password in the configuration?
