Configuring SSH File Transfer Protocol
Secure Shell (SSH) includes support for SSH File Transfer Protocol (SFTP), which is a new standard file
transfer protocol introduced in SSHv2. This feature provides a secure and authenticated method for copying
device configuration or device image files.
• Prerequisites for SSH File Transfer Protocol, on page 1
• Restrictions for SSH File Transfer Protocol, on page 1
• Information About SSH File Transfer Protocol, on page 1
• How to Configure SSH File Transfer Protocol, on page 2
• Example: Configuring SSH File Transfer Protocol, on page 3
• Additional References for SSH File Transfer Protocol, on page 3
• Feature History for SSH File Transfer Protocol, on page 4
Prerequisites for SSH File Transfer Protocol
• SSH must be enabled.
• The ip ssh source-interface interface-type interface-number command must be configured.
Restrictions for SSH File Transfer Protocol
• The SFTP server is not supported.
• SFTP boot is not supported.
• The sftp option in the install add command is not supported.
Information About SSH File Transfer Protocol
The SFTP client functionality is provided as part of the SSH component and is always enabled on the
corresponding device. Therefore, any SFTP server user with the appropriate permission can copy files to and
from the device.
An SFTP client is VRF-aware; you can configure the secure FTP client to use the virtual routing and forwarding
(VRF) associated with a particular source interface during connection attempts.
Configuring SSH File Transfer Protocol
1
How to Configure SSH File Transfer Protocol
The following sections provide information about the various tasks that comprise an SFTP configuration.
Configuring SFTP
Perform the following steps:
Before you begin
To configure a Cisco device for SFTP client-side functionality, the ip ssh source-interface interface-type
interface-number command must be configured first.
Procedure
PurposeCommand or Action
Enables privileged EXEC mode. Enter your
password, if prompted.
enable
Example:
Step 1
Device> enable
Enters global configuration mode.configure terminal
Example:
Step 2
Device# configure terminal
Defines the source IP for the SSH session.ip ssh source-interface interface-type
interface-number
Step 3
Example:
Device(config)# ip ssh source-interface
GigabitEthernet 1/0/1
Exits global configuration mode and returns to
privileged EXEC mode.
exit
Example:
Step 4
Device(config)# exit
(Optional) Displays the SFTP client-side
functionality.
show running-config
Example:
Step 5
Device# show running-config
(Optional) Enables SFTP debugging.debug ip sftp
Example:
Step 6
Device# debug ip sftp
Configuring SSH File Transfer Protocol
2
Configuring SSH File Transfer Protocol
How to Configure SSH File Transfer Protocol
Perform an SFTP Copy Operation
SFTP copy takes the IP or hostname of the corresponding server if Domain Name System (DNS) is configured.
To perform SFTP copy operations, use the following commands in privileged EXEC mode:
PurposeCommand
Copies a file from the local Cisco IOS file system to the
server.
Specify the username, password, IP address, and filepath
of the server.
Device# copy ios-file-system:file
sftp://user:pwd@server-ip//filepath
Or
Device# copy ios-file-system: sftp:
Copies the file from the server to the local Cisco IOS
file system.
Specify the username, password, IP address, and filepath
of the server.
Device# copy sftp://user:pwd@server-ip
//filepath ios-file-system:file
Or
Device# copy sftp: ios-file-system:
Example: Configuring SSH File Transfer Protocol
The following example shows how to configure the client-side functionality of SFTP:
Device> enable
Device# configure terminal
Device(config)# ip ssh source-interface gigabitethernet 1/0/1
Device(config)# exit
Additional References for SSH File Transfer Protocol
Related Documents
Document TitleRelated Topic
Security Configuration GuideSecure Shell Version 1 and 2 Support
Configuring SSH File Transfer Protocol
3
Configuring SSH File Transfer Protocol
Perform an SFTP Copy Operation
Technical Assistance
LinkDescription
http://www.cisco.com/supportThe Cisco Support website provides extensive online resources, including
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you can
subscribe to various services, such as the Product Alert Tool (accessed from
Field Notices), the Cisco Technical Services Newsletter, and Really Simple
Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user
ID and password.
Feature History for SSH File Transfer Protocol
This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted
otherwise.
Feature InformationFeatureRelease
SSH includes support for
SFTP, a new standard file
transfer protocol
introduced in SSHv2.
SSH File
Transfer
Protocol
Cisco IOS XE Gibraltar 16.10.1
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco
Feature Navigator, go to http://www.cisco.com/go/cfn.
Configuring SSH File Transfer Protocol
4
Configuring SSH File Transfer Protocol
Feature History for SSH File Transfer Protocol
