  • Occasionally I have an issue when I try to SCP a file to one of our Cisco devices. When the connection starts, it immediately drops and says "lost connection". I've had this happen when there wasn't enough space on the flash drive but this isn't the case today.

    Below is the failure from a 3750X switch and the pertinent config info from the switch.

    laptop:C3750X user$ scp c3750e-universalk9-tar.150-2.SE4.tar [email protected]:c3750e-universalk9-tar.150-2.SE4.tar
    c3750e-universalk9-tar.150-2.SE4.tar            0%    0     0.0KB/s   --:-- ETAConnection to closed by remote host.
    lost connection
    laptop:C3750X user$ ssh [email protected]
    temp#sh run | sec aaa
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local 
    aaa session-id common
    temp#sh run | sec ssh|scp
    ip ssh version 2
    ip scp server enable
     transport input ssh
    temp#sh run | sec line
    line con 0
    line vty 5 15
     transport input ssh
    Directory of flash:/
      526  -rwx         616  Mar 30 2011 01:39:31 +00:00  vlan.dat
      527  -rwx        2072  Mar 30 2011 01:40:52 +00:00  multiple-fs
      528  drwx         512  Mar 30 2011 03:23:11 +00:00  update
      529  -rwx        2955  Mar 30 2011 01:40:52 +00:00  config.text
      530  -rwx        3561  Mar 30 2011 01:40:52 +00:00  private-config.text
        2  drwx         512   Mar 1 1993 00:12:47 +00:00  c3750e-universalk9npe-mz.150-2.SE3
    57671680 bytes total (31971328 bytes free)

    I forgot to include the user section but cisco/cisco is a temp account with privilege 15.

    Any ideas why SCP is failing when SSH works just fine?

    EDIT: SCP debug output

    Mar 30 03:33:37.452: SCP: [22 ->] send <OK>
    Mar 30 03:33:37.687: SCP: [22 <-] recv C0644 25548800 c3750e-universalk9-tar.150-2.SE4.tar
    Mar 30 03:33:37.704: SCP: [22 ->] send <OK>
    Mar 30 03:33:38.400: SCP: [22 ->] send Write failed

    Here you are pushing a file from your laptop to the switch. What happens when pull the file, by running the copy command on the switch?

    That should be the solution. I haven't been successful with pushing files to Cisco devices, in general.

    Pulling files to it works but I don't see that as a solution. I run scripts off my laptop, so pushing is needed. Pulling is a workaround.

    have you tried all of these steps?

    you also seem to be using the wrong syntax per this forum on cisco's website (basically, you need to include the `flash:`)

    @legioxi Try adding `-v` on the SCP command to get a more verbose output of what's happening.

    Yes on Cisco switches. A workaround I'm using is to scp the updates to a local router and add a tftp-server statement for the file. Then download to the switch via tftp. Not a real solution though.

  • So, just to make sure that you haven't simply missed or misconfigured a step. Check Cisco's guide to SCP here

    Also I noticed that your scp command was in the form

     scp image.tar [email protected]:image.tar

    You may want to try

    scp image.tar [email protected]:flash:image.tar

    I added flash: per the sugggetion in this support forum on cisco.

    So, just to break it down, make sure you have an AAA model created, a user created, and the scp server enabled, then try it again. Also try connecting with the flash:.

  • For others that come across this, here is my solution. I had the same issue, similar scenario:

    $ scp c2900-universalk9-mz.SPA.155-3.M.bin [email protected]:/ Password: c2900-universalk9-mz.SPA.155-3.M.bin 0% 0 0.0KB/s --:-- ETA lost connection

    This was my fix:

    $ scp c2900-universalk9-mz.SPA.155-3.M.bin [email protected]://c2900-universalk9-mz.SPA.155-3.M.bin

    It seems dumb, but this solved it for me. I don't know why you should need to specify the destination file name.

  • I'll just attempt to enter an answer.. I've never seen an scp copy to a Cisco device work in the way you are trying to do it.

    I believe you should be able to use the Cisco Flash MIB to do remote pulls (initiated by your management server, as you are trying to do.)

    I believe this article should help you accomplish this.

  • It works except on ASA devices. The key is you have to have destination file name. Whether you use x.x.x.x:flash:filename or x.x.x.x://filename

