By default Cisco routers will come with scp file transfers disabled. Though they are easy enough to enable so that you can download / upload configurations to them using ssh / scp. Which is useful for doing backup's of router config files. In particular a lot of routers automatically.
The first part of the problem requires that you enable enough privileges to be able to access scp from a particular user. Normally there is a configuration line that looks like 'aaa authentication login default local' or like 'aaa authentication login default group radius local' if you are using radius authentication. You will need to add the exec permission to the same group.
This can be done with the following commands
aaa authorization exec default local
Or if using radius
aaa authorization exec default group radius local
Then you need to also enable the scp service which you can do with the following
ip scp server enable
At this stage you should now be able to scp the config file. From Linux I would use the following 'scp