Backing up Brocade / Ruckus ICX switches with SCP and SSH public keys

Aug 16, 2023 · 2 min read ·

Backing up your switch configuration is a great way to save your bacon in the case of hardware (or user) error. You can automate this process on Brocade / Ruckus ICX switches using SCP, SSH public keys and some scripting.

First ensure that SCP and public key authentication are enabled on your switch:

 1SSH@switch#show ip ssh config                                    
 2SSH server                 : Enabled
 3SSH port                   : tcp\22
 4Host Key                   : RSA 2048,ECDSA
 5Encryption                 : aes256-cbc,aes192-cbc,aes128-cbc,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc
 6Authentication methods     : Password, Public-key, Interactive
 7Login timeout (seconds)    : 120
 8Idle timeout (minutes)     : 0
 9SCP                        : Enabled
10SSH Client Keys            :
11Client Rekey               : 500000K 30m (KB, Minute)
12Server Rekey               : 500000K 30m (KB, Minute)

If not, they can be enabled with the following commands:

1ip ssh key-authentication yes
2ip ssh scp enable

Additionally, you must upload your SSH public key to the switch. I also had to re-upload my public key after moving from FastIron 8.x to 9.x. The command to do this is:

1SSH@switch#copy scp flash serverIP /home/user/.ssh/id_rsa.pub ssh-pub-key-file
2
3 Login:user
4 Password:
5Parameter Validation Successful
6....File Download Done
7File Write Done
8File Download Complete
9SSH@switch#

Now you can use SCP to grab the startup configuration:

1FastIron 8 and earlier:  
2scp user@switchIP:startConfig startup-config.txt
3
4FastIron 9+:  
5scp user@switchIP:/fast_iron/startup-config.txt startup-config.txt

References:
FastIron 8.x Security Configuration Guide
FastIron 9.x Security Configuration Guide