
CUCM DRS backups to a Synology NAS

jsmckinlay
Level 1

Has anyone had any experience with doing CUCM DRS backups to a Synology NAS set up for SFTP? I am having problems getting backups from both the CUCM pub and the PLM server. Basically, when defining the backup server, it cannot connect via SFTP.

Strange thing is that if I connect using WinSCP and the same credentials I'm putting into CUCM, it works fine.

 

Any ideas welcome!

 

1 Accepted Solution

Daniel Spalding
Level 1

The previously mentioned fix of manually adding the required ciphers is valid. However, for those who do not want to manually change the configuration through the command line (or re-implement the change every time they update their DSM version), there is now an option within the GUI. I also assume that by making the change in the CLI, further upgrades of DSM will not affect this setting.

This appears to be present from DSM version 5.2-5592.

In order to enable the cipher and Key Exchange methods, do the following:

1. Navigate to "Control Panel > Terminal & SNMP > Advanced settings".

My box was set to Medium by default, so this is what I used as my base configuration before adding the required ciphers.

2. Click on "Customize".

3. Under the "Ciphers" column place a tick next to "AES128-cbc".

4. Under the "KEX" column place a tick next to "Diffie-Hellman-Group-SHA1".

5. Click OK.


4 Replies

djohle
Level 1

I am trying to set up the same thing here.

Everything looks good via WinSCP: I can log in, upload & download files, create directories, etc.

The CUCM box says:
Unable to save Backup Device successfully. Update failed : Unable to access SFTP server or SFTP server too slow to respond.

I have tried all sorts of values for the path as that is known to be very picky.  None of them make a difference.

I also know it's not "too slow" because that message is returned almost instantly -- no waiting on timeouts.

I did a packet capture on this, which ironically involved me using SFTP to upload the capture file to a Linux box.  The capture shows 13 packets, where there is the initial handshake, then the SSH protocol identifiers, Key Exchange Inits, and then the connection is closed.  The first FIN comes from the Synology box, followed by an ACK & FIN from the CUCM.  So this points at the Synology not being able to agree with the client and just terminating the connection.

Digging in further & comparing the algorithm lists sent by each, it seems they could not agree on a common cipher.
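
The comparison described in the post above, as an added example that is not part of the thread: it decodes the name-lists from each side's SSH_MSG_KEXINIT payload (RFC 4253 layout) and reports the fields with no algorithm in common, using a simplified form of the RFC's selection rule. The algorithm lists are constructed for illustration, not taken from the capture, and the function names are hypothetical.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload; used only to construct the sample input."""
    out = b"\x14" + bytes(16)                  # message type 20 + 16-byte cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + bytes(4)            # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode the ten name-lists from a payload (packet framing already removed)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated KEXINIT")
        (n,) = struct.unpack_from(">I", payload, pos)
        if pos + 4 + n > len(payload):
            raise ValueError("truncated KEXINIT")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def negotiate(client_payload, server_payload):
    """Per field: first client name the server also offers (language lists skipped)."""
    client, server = parse_kexinit(client_payload), parse_kexinit(server_payload)
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS[:8]}

def failures(client_payload, server_payload):
    """Fields with no shared algorithm; any entry here ends the connection."""
    return [f for f, a in negotiate(client_payload, server_payload).items() if a is None]

# Constructed sample lists, not the ones from the capture in the thread.
COMMON = {"host_key": ["ssh-rsa"], "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"],
          "comp_c2s": ["none"], "comp_s2c": ["none"]}
def sample(kex, enc):
    return build_kexinit({**COMMON, "kex": kex, "enc_c2s": enc, "enc_s2c": enc})
CLIENT = sample(["diffie-hellman-group1-sha1"], ["aes128-cbc"])
SERVER = sample(["curve25519-sha256@libssh.org"], ["aes128-ctr", "aes256-ctr"])
SERVER_FIXED = sample(["curve25519-sha256@libssh.org", "diffie-hellman-group1-sha1"],
                      ["aes128-ctr", "aes256-ctr", "aes128-cbc"])

print(failures(CLIENT, SERVER), failures(CLIENT, SERVER_FIXED))
```

Because the server-only names stay first in `SERVER_FIXED`, clients that offer them still negotiate those; only a client limited to the older names ends up on `aes128-cbc`.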

 

 

 

Hi,

I found a workaround which might help.

http://blog.millard.org/2014/11/repair-synology-dsm51-for-use-as-linux.html

According to the comments it seems that this solves the problem with DRS Backup.

After my findings above with the cipher mismatches, this is more or less what I did to resolve the issue as well.  As much as I didn't want to directly alter the sshd configs on the Synology to support the weaker ciphers used by CUCM, it was more viable than getting anything changed on CUCM!

Maybe when we do our next major version update of CUCM it will support some better ciphers that also are in the list of what Synology offers by default.
