Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
560
Views
4
Helpful
2
Replies

Cisco DRS - Unable to add new device

Go to solution
KarolineSoares76078
Level 1
Level 1

‎04-06-2023 10:27 AM

Hello everyone,

I'm trying to change the backup device for CUCM but the server replies "Unable to access SFTP server or SFTP server too slow to respond".
The SFTP service is running on the server, the credentials are the same entered on CUCM and there is connectivity between them.

I downloaded DRF logs and saw this:

ERROR [NetMessageDispatch] - drfUtils:getSshClient: Message -> com.maverick.ssh.SshException: Failed to negotiate a transport component [arcfour256] [aes256-gcm@openssh.com] [Unknown cause]

It seems there's incompatibility between ciphers used by the servers.

Do you guys have any suggestions to solve this?

Labels:
Preview file
27 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dmytro Benda
Spotlight
Spotlight

‎04-06-2023 09:04 PM - edited ‎04-06-2023 09:27 PM

Hi @KarolineSoares76078 

Yes, it is ciphers incompatibility. CUCM offers arcfour256 (first brackets) and your sftp server offers aes256-gcm@openssh.com (second brackets). I guess you have to check sshd_config file on your OpenSSH server to see if arcfour256 cipher is enabled. 

To add ciphers in sshd_config you have to do something similar to this:

1.Go to the sshd_config file : vim /etc/ssh/sshd_config
2.To get all ciphers back, add a Ciphers line to your /etc/ssh/sshd_config like:

# Enabling all Ciphers!
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

3. Save the File. (:wq) . Restart the SSHD service on the SFTP server.
[root@SFTPserver ~]# service sshd restart

My Cisco Unified Communications Blog

View solution in original post

2 Replies 2

Go to solution
Dmytro Benda
Spotlight
Spotlight

‎04-06-2023 09:04 PM - edited ‎04-06-2023 09:27 PM

Hi @KarolineSoares76078 

Yes, it is ciphers incompatibility. CUCM offers arcfour256 (first brackets) and your sftp server offers aes256-gcm@openssh.com (second brackets). I guess you have to check sshd_config file on your OpenSSH server to see if arcfour256 cipher is enabled. 

To add ciphers in sshd_config you have to do something similar to this:

1.Go to the sshd_config file : vim /etc/ssh/sshd_config
2.To get all ciphers back, add a Ciphers line to your /etc/ssh/sshd_config like:

# Enabling all Ciphers!
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

3. Save the File. (:wq) . Restart the SSHD service on the SFTP server.
[root@SFTPserver ~]# service sshd restart

My Cisco Unified Communications Blog

Go to solution
Steve W
Level 1
Level 1
In response to Dmytro Benda

‎01-24-2024 11:39 AM

this fixed our issue, thank you!

0 Helpful
Customers Also Viewed These Support Documents