Retrieving IOS running-config via scp

Ok, now I’ve only tested this with routers running IOS – it may be a little different with Catalyst switches, since they store their config on flash, rather than nvram. On the other hand, it may be exactly the same, since we’re retrieving running-config, not startup-config.

First, you need to ensure that ssh and scp have been enabled. I strongly recommend that you run ssh version 2.

ip ssh version 2
ip scp server enable

Then, on your PC:

scp user@router-hostname:system:running-config .

You should then have a file called “running-config” in that directory. Pretty simple…

If you want to grab the startup-config instead of the running-config, try:

scp user@router-hostname:nvram:startup-config .

By using RSA keys to eliminate the password prompt at login, this method could be expanded to form the basis of an automated config backup. I know that various apps already exist, but a lot of them retrieve the config via “expect” scripts, basically executing a “show run” and capturing the output.

Another method of retrieving the config is via SNMP, however unless you’re using SNMP v3 with encryption, this method is potentially insecure.






Leave a Reply