01-27-2015 07:10 AM - edited 03-17-2019 01:44 AM
Currently our CUCM backups are running with OpenSSH. I would like to check the credentials for SFTP. I couldn't find any good doc for OpenSSH commands to check/change the credentials in OpenSSH. Assistance are much appreciated.
01-27-2015 08:49 AM
I don't quite understand what you're asking. CUCM Backups are done via DRF ( https://<PUBLISHER>/drf ) DRF backs up *to* an SFTP server, but you don't SFTP *in* to CUCM to back it up.
01-27-2015 08:59 AM
SFTP Credentials for CUCM backups must be configured in DRF and SFTP application in the windows server.
We can use freeFtdp, solarwind SFTP and openSSH applications to store the backup in windows server. We are using opendSSH. Guy who configured OpenSSH in windows has left the company. So I need to check the credentials configured in openSSH. We can get the user name in the backup DRF but not the password. OpenSSH must be configured in Commandportmt. I guess there are some commands or short cuts to see the password. Please assist.
01-27-2015 09:02 AM
There are no commands in CUCM to see the backup password that I know of. If you've lost the password just change it in both DRF and the SFTP server. The SFTP server password is not used to encrypted the backups.
01-27-2015 09:10 AM
Yes, credentials must be configured n SFTP server.
We have OpenSSH SFTP server which is not a GUI . Credentials must be configured through CMD. I guess there are commands to change the password for the particular user account.
02-09-2015 10:40 AM
Here's a snippet of the sshd_config file that I have working on a Linux distro with OpenSSH v6.7 and CUCM/Unity backups.
Create a user, add them to the sftponly group, set the home directory to a folder where you want the backups to go. For a little extra security, you can set the user shell to /bin/false. Newer OpenSSH versions are picky with folder permissions. This home folder needs root:root permissions. Create a user-writable subfolder where the backups will go.
Newer OpenSSH disables some encryption ciphers, you will need to enable some for this to work.
For example, create a new user called ciscobackup, home directory of /home/ciscobackup with no shell access (this may be a different procedure depending which linux distro you are using)
useradd -d /home/ciscobackup -G sftponly -s /bin/false ciscobackup
chown root:root /home/ciscobackup
chown ciscobackup:ciscobackup /home/ciscobackup/callmanager
chmod 775 /home/ciscobackup/callmanager
Subsystem sftp internal-sftp
Match Group sftponly
In CUCM add a backup server in your call manager and set the folder to /callmanager.
Check the sshd log files on your linux box to troubleshoot any folder permissions or cipher errors if adding the backup server failed.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: