There are a couple of prerequisites before you can copy the config from a NetScreen or SSG via scp. First, obviously ssh and scp need to be enabled:
set ssh version v2
set ssh enable
set scp enable
And of course, you need to enable ssh management on the interface you’re going to connect to the device on:
set interface ethernet0 manage ssh
Once that has been done, from your PC, try the following:
scp netscreen@device-hostname:ns_sys_config ssg.cfg
And you should then have a file called ssg.cfg in that directory. Once again, simple when you know how.
It is also possible to load RSA/DSA keys against ScreenOS usernames, so that password-less login for ssh/scp can be utilised, allowing this method to form the basis of automated config backups.
Ok, now I’ve only tested this with routers running IOS – it may be a little different with Catalyst switches, since they store their config on flash, rather than nvram. On the other hand, it may be exactly the same, since we’re retrieving running-config, not startup-config.
First, you need to ensure that ssh and scp have been enabled. I strongly recommend that you run ssh version 2.
ip ssh version 2
ip scp server enable
Then, on your PC:
scp user@router-hostname:system:running-config .
You should then have a file called “running-config” in that directory. Pretty simple…
If you want to grab the startup-config instead of the running-config, try:
scp user@router-hostname:nvram:startup-config .
By using RSA keys to eliminate the password prompt at login, this method could be expanded to form the basis of an automated config backup. I know that various apps already exist, but a lot of them retrieve the config via “expect” scripts, basically executing a “show run” and capturing the output.
Another method of retrieving the config is via SNMP, however unless you’re using SNMP v3 with encryption, this method is potentially insecure.