Thanks for the info Franck, after upgrading to OpenSSH 7.2 CCX 8.5.1.11004-25 DRS stopped working with the error:

CiscoDRFFailure: Reason: Unable to access SFTP server or SFTP server too slow to respond.

All other UC elements (CUCM, CUC, CER, CUPS) continued to work as expected.

The ciphers that CCX 8.5 supports can be found in the OpenSSH logs /var/log/auth.log

fatal: Unable to negotiate with x.x.x.x port xxxxx: no matching cipher found. Their offer: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256 [preauth]

To re-enable aes256-cbc you can add the below to the /etc/ssh/sshd_config file, restart the sshd service on your SFTP server and DRS will continue to work.

Ciphers +aes256-cbc

OpenSSH man page for sshd_config:

Ciphers specifies the ciphers allowed.  Multiple ciphers must be comma-separated.  If the specified value begins with a ‘+’ character, then the specified ciphers will be appended to the default set instead of replacing them.

The supported ciphers are:

3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr,    aes128-gcm@openssh.com, aes256-gcm@openssh.com, arcfour, arcfour128, arcfour256, blowfish-cbc, cast128-cbc, chacha20-poly1305@openssh.com

The default is:

chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com, aes256-gcm@openssh.com

The list of available ciphers may also be obtained using the -Q option of ssh(1) with an argument of “cipher”.

Command Line Interface is starting up, please wait ... java.io.FileNotFoundException: /var/log/active/platform/log/cli.bin (Read-only file system)         at java.io.RandomAccessFile.open(Native Method)         at java.io.RandomAccessFile.(RandomAccessFile.java:212)         at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.restoreIndex(ciscoRollingFileAppender.java:100)         at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.setFile(ciscoRollingFileAppender.java:43)         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)         at java.lang.reflect.Method.invoke(Method.java:597)         at org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.java:205)         at org.apache.log4j.config.PropertySetter.setProperty(PropertySetter.java:164)         at org.apache.log4j.xml.DOMConfigurator.setParameter(DOMConfigurator.java:540)         at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:192)         at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:150)         at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:163)         at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:425)         at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:394)         at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:829)         at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:712)         at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:604)         at org.apache.log4j.xml.DOMConfigurator.configure(DOMConfigurator.java:733)         at sdMain.main(sdMain.java:602) java.lang.NullPointerException         at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.updateIndex(ciscoRollingFileAppender.java:117)         at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.nextFileName(ciscoRollingFileAppender.java:92)         at com.cisco.iptplatform.fappend.ciscoRollingFileAppender.append(ciscoRollingFileAppender.java:74)         at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:230)         at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:65)         at org.apache.log4j.Category.callAppenders(Category.java:203)         at org.apache.log4j.Category.forcedLog(Category.java:388)         at org.apache.log4j.Category.info(Category.java:663)         at sdMain.main(sdMain.java:616) log4j:ERROR No output stream or file set for the appender named [CLI_LOG].   Welcome to the Platform Command Line Interface     WARNING:         The /common file system is mounted read only.         Please use Recovery Disk to check the file system using fsck. admin:

--------------------------------------------------------------------------------------------------------------------------------------------Hitting Defect CSCti28336. 1. Reboot the server via CLI if you can, otherwise power-cycle the server by holding down the power button for 5 seconds or more. 2. Boot from a CUCM recovery disk and selection option f to perform a filesystem check. 3. reinstall and restore from backup may be the only way to recover completely.  Since you don’t have a backup then you will need to build from scratch. ---------------------------------------------------------------------------------------------------------------------------------------------- We have inserted the the recovery disk and selected option F ,performed the filesystem check Now we are able to create the Backup device and backup is successful :)

Hi Nishad,

You were bang on the spot! If you took a look at your CLI exception, you would see "Read only filesystem" mentioned.

Great to see that you fixed it yourself.

Thanks & Regards,
Anirudh
"Protocol, then product"