[LAB] Secure Copy

Objective:

2.1.e Use SCP for file transfer.

For this lab session I’ll be using:

GNS3
Ubuntu Desktop 19.04
Cisco 7200 series Router

Out of the box the 7200 series Router that I’m using doesn’t have any flash or disk space available, but you can add them. Under ‘Configuration’ > ‘Memories and disks’ an option to add PCMCIA disks is available.

Here they are on boot-up:

Router config:

R1(config)# ip domain-name layerunknown.com
R1(config)# crypto key generate rsa general-keys modulus 2048
R1(config)# username admin privilege 15 secret cisco
R1(config)# aaa new-model
R1(config)# aaa authentication login default local
R1(config)# aaa authorization exec default local
R1(config)# ip scp server enable

Host machines are getting IP addresses via DHCP from the Router. The Router’s address is 10.0.0.1.

Testing and verifying SSH.

You might be wondering why I’m specifying the cipher. If I don’t, I’ll receive the following error:

Unable to negotiate with 10.0.0.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Let’s actually check the fingerprint. On the Router enter the following command: show ip ssh

Copy from ssh-rsa to the end of the string and put it into a file. Remove any unnecessary white space and newlines, then save the file; I saved it as test.pub.

Then execute the following command: ssh-keygen -lf test.pub

-f filename
Specifies the filename of the key file.

-l Show fingerprint of specified public key file. For RSA and DSA keys
ssh-keygen tries to find the matching public key file and prints its
fingerprint. If combined with -v, a visual ASCII art representation of the
key is supplied with the fingerprint.

Comparing the output from that command to the RSA fingerprint we received when making the initial SSH connection we can see they match.
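The same check scripted, as an added example that is not part of the original lab: it takes the text of `show ip ssh`, strips the line wrapping the way the manual test.pub edit did, and computes the SHA256 and MD5 fingerprints that ssh-keygen -lf would print, so they can be compared against what the client displayed on first connect. The sample `show ip ssh` output and the key inside it are constructed placeholders, not a real router key.

```python
import base64
import hashlib
import re
import struct

def build_rsa_blob(e: int, n: int) -> bytes:
    """Encode (e, n) as an OpenSSH ssh-rsa key blob: string "ssh-rsa", mpint e, mpint n."""
    def mpint(x: int) -> bytes:
        raw = x.to_bytes((x.bit_length() + 8) // 8, "big")  # spare bit keeps the value positive
        return struct.pack(">I", len(raw)) + raw
    return struct.pack(">I", 7) + b"ssh-rsa" + mpint(e) + mpint(n)

def extract_pubkey(show_ip_ssh: str) -> str:
    """Return the base64 key IOS prints after the last 'ssh-rsa', with its line wrapping removed."""
    _, sep, tail = show_ip_ssh.rpartition("ssh-rsa")
    if not sep:
        raise ValueError("no ssh-rsa key in show ip ssh output")
    return re.sub(r"\s+", "", tail)  # same clean-up as editing test.pub by hand

def fingerprints(pubkey_b64: str) -> dict:
    """Fingerprints as OpenSSH shows them: SHA256 (current clients) and MD5 (older ones)."""
    blob = base64.b64decode(pubkey_b64, validate=True)
    if blob[:11] != struct.pack(">I", 7) + b"ssh-rsa":
        raise ValueError("not an ssh-rsa key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).rstrip(b"=").decode()
    md5 = ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    return {"SHA256": f"SHA256:{sha}", "MD5": f"MD5:{md5}"}

def matches_router(show_ip_ssh: str, seen_fingerprint: str) -> bool:
    """True only if the fingerprint the SSH client displayed belongs to the router's own key."""
    return seen_fingerprint.strip() in fingerprints(extract_pubkey(show_ip_ssh)).values()

# Constructed sample: a placeholder 2048-bit modulus (not a real router key), wrapped at 70
# columns the way IOS wraps the key at the end of `show ip ssh`.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed-modulus").digest() * 8, "big") | (1 << 2047) | 1
SAMPLE_B64 = base64.b64encode(build_rsa_blob(65537, SAMPLE_N)).decode()
SAMPLE_SHOW_IP_SSH = (
    "SSH Enabled - version 2.0\n"
    "Authentication timeout: 120 secs; Authentication retries: 3\n"
    "IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1\n"
    "ssh-rsa " + "\n".join(SAMPLE_B64[i:i + 70] for i in range(0, len(SAMPLE_B64), 70)) + "\n"
)
```

Paste the real `show ip ssh` text into `extract_pubkey` and the fingerprint from the "RSA key fingerprint is ..." prompt into `matches_router`; a False result means the key offered on the wire is not the one the router reports.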

We’ve verified we’re connecting to the right device and that SSH is working. Let’s test that the PCMCIA disks work.

copy running-config disk0:

dir disk0:

Now for SCP.

I’ll first copy the running-config we just saved to disk0 from the router to my local machine. The following commands are being executed from the Ubuntu host.

scp -c aes256-cbc admin@10.0.0.1:disk0:/running-config /home/admin/Desktop

This command is logging into the remote host at 10.0.0.1 with the username admin then copying the file ‘running-config’ from disk0 and placing it onto my Desktop.

Then I’ll test the other direction by uploading test.pub from my local machine to disk0 on the router.

scp -c aes256-cbc ~/Desktop/test.pub admin@10.0.0.1:disk0:/test.pub

See the results in the screenshot below:

Using the dir and more commands on the router we can verify this.

SCP lab complete.

Now that we’ve done that, here’s the bad news. Recently, multiple SCP vulnerabilities have been discovered. See here.
