SFTP Server with OpenSSH - installation / configuration


There are only a handful of Cisco-recommended SFTP servers for UC application backups. One of them is OpenSSH. This document explains how to install an SSH server based on OpenSSH. The proxy / relay function is optional.

 

Solution Description

The server is a proxy / relay for backups from Cisco Unified Communications Appliances (Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Contact Center Express, etc.)

The UC appliance backups are received daily.

A script runs at 9pm each day to copy the backup files to a Windows file server after removing old backup files to preserve space.

The operating system for the backup server is Debian 7 (Wheezy) 32-bit (due to lower hardware requirements).

This guide assumes the server is installed on a virtual machine inside VMware ESXi.

 

Assumptions

Backup to SFTP & TFTP Server:

| Device            | Backup time | Backup Destination |
|-------------------|-------------|--------------------|
| CUCM              | 18:30       | SFTP (10.10.10.50) |
| CUC               | 20:00       | SFTP (10.10.10.50) |
| Router / Switches | On demand   | TFTP (10.10.10.50) |

 

Copy on Windows file server:

| Device            | Backup Destination                  |
|-------------------|-------------------------------------|
| CUCM              | \\fs1\UC\Backup\cucm                |
| CUC               | \\fs1\UC\Backup\cuc                 |
| Router / Switches | \\fs1\UC\Backup\router and switches |

 

Installation

Virtual machine setup:

| Setting  | Value                       |
|----------|-----------------------------|
| VM Name  | SFTP-Server                 |
| Guest OS | Debian GNU/Linux 6 (32-Bit) |
| Memory   | 512 MB                      |
| Network  | VM Network / E1000          |
| Storage  | 40 GB                       |

 

All settings not mentioned were left at default.

 

Operating system installation:

ISO image: debian-7.8.0-i386-netinst.iso

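| Setting                        | Value                                  |
|--------------------------------|----------------------------------------|
| Language / Location / Keyboard | English / Canada / American English    |
| Host name                      | SFTP-Server                            |
| Domain name                    | domain.int                             |
| Software selection             | SSH server / Standard system utilities |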

 

All settings / values not mentioned were left at default.

For usernames and passwords see appendix.

 

Configuration

Below are the required CLI inputs.

 

Network settings:

First the IP address, subnet mask and gateway are configured. Then the name servers are added and the server is rebooted.

nano /etc/network/interfaces

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 10.10.10.50
        netmask 255.255.255.0
        gateway 10.10.10.254

 

nano /etc/resolv.conf

domain domain.int
search domain.int
nameserver 10.10.10.1
nameserver 8.8.8.8
nameserver 8.8.4.4

 

shutdown -r now

 

Now you can log in through SSH (e.g. PuTTY) using the IP address 10.10.10.50.

 

User configuration

User accounts for the SFTP connections are created.

adduser cucm

Enter new UNIX password:
Retype new UNIX password:
Full Name []: CUCM Backup
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y

 

adduser cuc

Enter new UNIX password:
Retype new UNIX password:
Full Name []: CUC Backup
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y

 

Installation of additional software

First the list of available software packages is updated.

apt-get update

 

Now the SMB file system support (to access Windows file servers) is installed.

apt-get install cifs-utils

 

Establish Windows file server connection

First a new directory is created, which will be used to mount the Windows file share.

mkdir /mnt/fs1

A separate file contains the username and password for the file server access.

nano /root/.smbcredentials

username=Username
password=Password
domain=Domain

 

The file "/etc/fstab" contains all mount points that are loaded during startup. The Windows file share is added and the credential file is referenced.

nano /etc/fstab

//fs1/UC /mnt/fs1      cifs    sec=ntlm,credentials=/root/.smbcredentials        0       0

 

Create backup script

The backup script is similar to a batch file and is called by the scheduler "cron".

nano /root/cp-backups.sh

#!/bin/sh
# Shell script to copy backups to the Windows server
#
# Remove old Backup files on Windows Server before copy
echo "removing old Backup files..."
rm /mnt/fs1/Backup/cucm/*
echo "starting copy of cucm..."
cp -r -v /home/cucm/* -t /mnt/fs1/Backup/cucm
# Remove old Backup files on Windows Server before copy
echo "removing old Backup files..."
rm /mnt/fs1/Backup/cuc/*
echo "starting copy of cuc..."
cp -r -v /home/cuc/* -t /mnt/fs1/Backup/cuc
#
echo "Done"
exit 0

After creating the script it needs to be made executable.

chmod +x /root/cp-backups.sh
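
The script above removes the old copies before it knows that a new backup exists or that the share is mounted, so a missed DRS backup or a failed mount leaves the file server with nothing. A guarded variant follows as an added example (not the author's script; the function names, the `--run` switch and the `<destination>.incoming` staging directory are assumptions of this example):

```shell
#!/bin/sh
# Added example: guarded variant of cp-backups.sh, same paths as the guide.

# has_files DIR: true if DIR contains at least one non-hidden entry
# (dotfiles such as .profile in a home directory are not backups).
has_files() {
    [ -d "$1" ] && [ -n "$(ls "$1" 2>/dev/null)" ]
}

# replace_backups SRC DST: copy SRC into a staging directory beside DST and
# remove the old files in DST only after the new set was copied completely.
replace_backups() {
    src=$1; dst=$2; stage="$dst.incoming"
    has_files "$src" || { echo "skip: no backup files in $src" >&2; return 2; }
    [ -d "$dst" ]    || { echo "skip: $dst missing (share not mounted?)" >&2; return 3; }
    rm -rf "$stage" && mkdir "$stage" || return 4
    if ! cp -r "$src"/* "$stage"/; then
        echo "copy failed, keeping old files in $dst" >&2
        rm -rf "$stage"
        return 5
    fi
    rm -rf "$dst"/* && mv "$stage"/* "$dst"/ && rmdir "$stage"
}

# run_all: entry point for cron; refuses to touch anything unless the
# Windows share is really mounted on /mnt/fs1.
run_all() {
    mountpoint -q /mnt/fs1 || { echo "/mnt/fs1 is not mounted" >&2; return 1; }
    rc=0
    for name in cucm cuc; do
        replace_backups "/home/$name" "/mnt/fs1/Backup/$name" || rc=1
    done
    return $rc
}

# Only act when called with --run (e.g. from cron), so the file can be
# sourced and the functions tried on scratch directories first.
if [ "${1:-}" = "--run" ]; then run_all; fi
```
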

 

Create cron job

The scheduler is configured to run the script regularly.

crontab -e

0 21 * * * /root/cp-backups.sh > /var/log/cp-backups.log 2>&1

The first five parameters define the time as follows:

  • minute (from 0 to 59)
  • hour (from 0 to 23)
  • day of the month (from 1 to 31)
  • month (from 1 to 12)
  • day of the week (from 0 to 6) (0=Sunday)

 

An asterisk refers to "all the time" (i.e. every day of the month, every month, every day of the week).

The script output will be written to the log file "/var/log/cp-backups.log".

 

After a reboot of the server it is ready to go (the network drive will be mounted).

shutdown -r now

 

Appendix

Usernames and Passwords:

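| Username     | Password | Used for                                      |
|--------------|----------|-----------------------------------------------|
| root         | P@ssw0rd | Administrator of SFTP Server                  |
| cucm         | cisco    | SFTP backup user for CUCM                     |
| cuc          | cisco    | SFTP backup user for CUC                      |
| backup-cisco | cisco    | Domain user with access to Windows file share |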

 

Directories:

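| Directory  | Description                                                   |
|------------|---------------------------------------------------------------|
| /home/cucm | Backup directory for CUCM                                     |
| /home/cuc  | Backup directory for CUC                                      |
| /root      | Home directory of root user (e.g. for ".smbcredentials" file) |
| /var/log   | Default log directory                                         |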

 

Configuration of Cisco Unified Communications appliances for DRS

The SFTP server is configured under Disaster Recovery System.

Please note, the field "Path Name" must use "./". Then enter the appropriate username / password for the SFTP user (e.g. "cucm" or "cuc").

 

Afterwards backups can be scheduled by clicking on "Scheduler".
