Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4853
Views
10
Helpful
5
Replies

CUCM backup with OpenSSH

Murali Dharan
Level 1
Level 1

‎01-27-2015 07:10 AM - edited ‎03-17-2019 01:44 AM

Hello All,

Currently our CUCM backups are running with OpenSSH. I would like to check the credentials for SFTP. I couldn't find any good doc for OpenSSH commands to check/change the credentials in OpenSSH. Assistance are much appreciated. 

 

Thanks

Murali

 

 

Labels:
0 Helpful
5 Replies 5

Gordon Ross
Level 9
Level 9

‎01-27-2015 08:49 AM

I don't quite understand what you're asking. CUCM Backups are done via DRF ( https://<PUBLISHER>/drf ) DRF backs up *to* an SFTP server, but you don't SFTP *in* to CUCM to back it up.

 

GTG

Please rate all helpful posts.
0 Helpful

Murali Dharan
Level 1
Level 1
In response to Gordon Ross

‎01-27-2015 08:59 AM

SFTP Credentials for CUCM backups must be configured in DRF and SFTP application in the windows server. 

We can use freeFtdp, solarwind SFTP and openSSH applications to store the backup in windows server. We are using opendSSH. Guy who configured OpenSSH in windows has left the company. So I need to check the credentials configured in openSSH. We can get the user name in the backup DRF but not the password. OpenSSH must be configured in Commandportmt. I guess there are some commands or short cuts to see the password. Please assist. 

 

Thanks

Murali

0 Helpful

Gordon Ross
Level 9
Level 9
In response to Murali Dharan

‎01-27-2015 09:02 AM

There are no commands in CUCM to see the backup password that I know of. If you've lost the password just change it in both DRF and the SFTP server. The SFTP server password is not used to encrypted the backups.

 

GTG

Please rate all helpful posts.
0 Helpful

Murali Dharan
Level 1
Level 1
In response to Gordon Ross

‎01-27-2015 09:10 AM

Yes, credentials must be configured n SFTP server.  

We have OpenSSH SFTP server which is not a GUI . Credentials must be configured through CMD. I guess there are commands to change the password for the particular user account. 

 

Thanks

Murali.

0 Helpful

Alex Andruszkiw
Level 1
Level 1

‎02-09-2015 10:40 AM

Here's a snippet of the sshd_config file that I have working on a Linux distro with OpenSSH v6.7 and CUCM/Unity backups.

Create a user, add them to the sftponly group, set the home directory to a folder where you want the backups to go. For a little extra security, you can set the user shell to /bin/false.  Newer OpenSSH versions are picky with folder permissions. This home folder needs root:root permissions.  Create a user-writable subfolder where the backups will go.

Newer OpenSSH disables some encryption ciphers, you will need to enable some for this to work.

For example, create a new user called ciscobackup, home directory of /home/ciscobackup with no shell access (this may be a different procedure depending which linux distro you are using)

useradd -d /home/ciscobackup -G sftponly -s /bin/false ciscobackup

passwd ciscobackup

mkdir /home/ciscobackup/callmanager

chown root:root /home/ciscobackup

chown ciscobackup:ciscobackup /home/ciscobackup/callmanager

chmod 775 /home/ciscobackup/callmanager

 

/etc/ssh/sshd_config example:

 

Protocol 2

Ciphers aes256-cbc,aes128-cbc

Subsystem       sftp    internal-sftp

Match Group sftponly
  ChrootDirectory %h
  X11Forwarding no
  ForceCommand internal-sftp
  AllowTcpForwarding no

 

Restart sshd.

In CUCM add a backup server in your call manager and set the folder to /callmanager.

Check the sshd log files on your linux box to troubleshoot any folder permissions or cipher errors if adding the backup server failed.

Customers Also Viewed These Support Documents