can't copy file to cisco switch
Closed this issue · 3 comments
Hi there,
I love your script!
When copying iOS firmware to a switch using -f I get an error
besides that I'd like to copy it to all switches, instead of only the 'master' I hope this is possible.
#python swITch.py -e -i ip.list -a auth.txt -f c2960x-universalk9-mz.152-6.E.bin
SSH connection open to 10.xxx.xxx.xxx
Start transfer process: 2019-03-07 13:38:31.122455
Traceback (most recent call last):
File "swITch.py", line 275, in <module>
swITch()
File "swITch.py", line 81, in __init__
args.port, args.suppress, args.file, args.verbose, args.zomg)
File "swITch.py", line 200, in main
log.event('info', dev.transfer_file(file_image))
File "/Users/dennis/Downloads/swITch-master/device_connector.py", line 116, in transfer_file
scp_transfer.transfer_file() # Transfer file
File "/Library/Python/2.7/site-packages/netmiko/scp_handler.py", line 279, in transfer_file
self.put_file()
File "/Library/Python/2.7/site-packages/netmiko/scp_handler.py", line 292, in put_file
self.scp_conn.scp_transfer_file(self.source_file, destination)
File "/Library/Python/2.7/site-packages/netmiko/scp_handler.py", line 39, in scp_transfer_file
self.scp_client.put(source_file, dest_file)
File "/Library/Python/2.7/site-packages/scp.py", line 157, in put
self._recv_confirm()
File "/Library/Python/2.7/site-packages/scp.py", line 361, in _recv_confirm
raise SCPException(asunicode(msg[1:]))
scp.SCPException: Privilege denied.
Hi, thanks for reaching out. I will take a look at the issue when I have a moment. Thanks.
A quick guess, but Cisco's SCP (used for file transfer) requires authorization to be configured as well as authentication.
"Scp adds the requirement that AAA authorization be turned on so that the operating system can determine whether or not the user is at the correct privilege level."
This may explain your error message. scp.SCPException: Privilege denied.
I remember running into this issue a while ago. I added the flag -z (a hidden flag), to temporarily enable authorization for the transfer, then disable it afterwards. Adding -z in your command will run the following command on your switch. Note, it will use TACACS+ first, then fallback to local authorization.
aaa authorization exec default group TACACS_PLUS local
If this you just have local switch accounts, you may try to enable local authorization only to see if that resolves the privilege denied error.
aaa authorization exec default local
Let me know if that works. Again, this is from memory, so it may not be quite right. I don't have a Cisco lab available at the moment, so I will get one setup so I can perform additional testing.
Finally, regarding your request for copying images to all members flash in a stack and not just the master. At this stage, the script will only copy to the master. Copying the image to all members of the stack would be a feature request that I can work on. However, first I need to create a test environment :)
Let me know if you need clarification and if my suggestion works.
Hi ctomkow,
the exec privilege seems to work indeed! It's copying now, thanks :)
I also tried to use -c to copy firmware from one flash to another, which would be a more controlled way of course, need to check if all the switches are the correct model etc...
After a while it times out I guess:
#python swITch.py -e -i 10.xxx.xxx.xx,cisco_ios -a auth.txt -c 'copy flash1:c2960x-universalk9-mz.152-6.E.bin flash4:c2960x-universalk9-mz.152-6.E.bin'
SSH connection open to 10.xxx.xxx.xxx
Traceback (most recent call last):
File "swITch.py", line 275, in <module>
swITch()
File "swITch.py", line 81, in __init__
args.port, args.suppress, args.file, args.verbose, args.zomg)
File "swITch.py", line 189, in main
log.event('log_only', dev.send_command(cmd) + "\n") # send command
File "/Users/dennis/Downloads/swITch-master/device_connector.py", line 95, in send_command
return self.device_connection.send_command(cmd)
File "/Library/Python/2.7/site-packages/netmiko/base_connection.py", line 1188, in send_command
search_pattern))
IOError: Search pattern never detected in send_command_expect: SER\-B0\#
It would be an awesome and useful feature, or if you can just provide the flash storage(s) you want it on, or just all.
The master can of course be different than flash1, I don't know what is faster, the scp or the copy from flash to flash.
For now I'll just loop through my switches and enable the scp and then copy it and disable scp afterwards :)
Again very awesome tool!