Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
10
Helpful
3
Replies

CUCM and UNITY - Backups Failing to Run

Quintin.Mayo
Level 2
Level 2

‎12-01-2022 08:39 AM

Hi,

We have Cisco Call Managers and Unity 11.5.1 servers using the Cerberus SFTP server for backups. We have recently upgraded to Cerberus SFTP server to version 12.11 and now experiencing authentication issues between the servers.  We was using basic authenication before the upgrade since Microsoft has depreciated basic authenication we believe this is the issue. Can someone confirm we should now be using OAuth2 authenication for the SFTP file transfers for the call managers and unity servers.  Also, the Cerberus SFTP server runs on a Windows 10 platform. Any insight would be greatly appreciated.

Thanks,

 

0 Helpful
3 Replies 3

Kevin Li
Level 4
Level 4

‎12-01-2022 08:57 AM

What version of 11.5.1 are you running? Older version of 11.5.1 (I believe it's SU9 or older) does not support stronger KEX Ciphers. When your SFTP server upgraded, it likely disabled the weaker KEX Ciphers which is preventing authentication.

SU10 and higher support stronger ciphers.

Roger Kallberg
VIP
VIP

‎12-03-2022 01:01 AM

I don’t think that Microsoft has depreciated Basic authentication in the OS. From what I know they have deprecated it for Exchange and it could be that it is limited to O364 environments. That said, can you not uses local user information in your SFTP server application for the login instead of using AD users?



Response Signature


Elliot Dierksen
VIP
VIP

‎12-07-2022 04:56 AM

It could very well be that certain key exchange methods or ciphers have been disabled in the new version. Can you connect to the server using an SFTP client? Here are my notes on the DRS key exchange methods and ciphers.

Ciphers aes128-cbc,3des-cbc,blowfish-cbc

These ones can be added to the default with multiple addition lines:

Ciphers +aes128-cbc
Ciphers +3des-cbc
Ciphers +blowfish-cbc

Not sure if this is needed

KexAlgorithms +diffie-hellman-group1-sha1


in sshd_config:

KexAlgorithms +diffie-hellman-group1-sha1
KexAlgorithms +diffie-hellman-group-exchange-sha1

Ciphers +aes128-cbc
# 3DES isn't supported on newer version of DRS or in
# newer versions of OpenSSH
Ciphers +3des-cbc

Newer Ubuntu needs this:
PubkeyAcceptedAlgorithms +ssh-rsa
HostkeyAlgorithms +ssh-rsa
0 Helpful
Customers Also Viewed These Support Documents