12-01-2022 08:39 AM
Hi,
We have Cisco Call Managers and Unity 11.5.1 servers using the Cerberus SFTP server for backups. We have recently upgraded to Cerberus SFTP server to version 12.11 and now experiencing authentication issues between the servers. We was using basic authenication before the upgrade since Microsoft has depreciated basic authenication we believe this is the issue. Can someone confirm we should now be using OAuth2 authenication for the SFTP file transfers for the call managers and unity servers. Also, the Cerberus SFTP server runs on a Windows 10 platform. Any insight would be greatly appreciated.
Thanks,
12-01-2022 08:57 AM
What version of 11.5.1 are you running? Older version of 11.5.1 (I believe it's SU9 or older) does not support stronger KEX Ciphers. When your SFTP server upgraded, it likely disabled the weaker KEX Ciphers which is preventing authentication.
SU10 and higher support stronger ciphers.
12-03-2022 01:01 AM
I don’t think that Microsoft has depreciated Basic authentication in the OS. From what I know they have deprecated it for Exchange and it could be that it is limited to O364 environments. That said, can you not uses local user information in your SFTP server application for the login instead of using AD users?
12-07-2022 04:56 AM
It could very well be that certain key exchange methods or ciphers have been disabled in the new version. Can you connect to the server using an SFTP client? Here are my notes on the DRS key exchange methods and ciphers.
Ciphers aes128-cbc,3des-cbc,blowfish-cbc
These ones can be added to the default with multiple addition lines:
Ciphers +aes128-cbc
Ciphers +3des-cbc
Ciphers +blowfish-cbc
Not sure if this is needed
KexAlgorithms +diffie-hellman-group1-sha1
in sshd_config:
KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1
Ciphers +aes128-cbc
# 3DES isn't supported on newer version of DRS or in
# newer versions of OpenSSH
Ciphers +3des-cbc
Newer Ubuntu needs this:
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide