Few weeks have gone by and I have not written anything for a while **But I still have lots of Drafts in the works. Job has been a bit busy this time of the year so that’s my excuse and I will stick to it 🙂
If you are a UC and Collaboration engineer, you may have under your sleeve few cool solutions to backup your Apps. Well, I have a few too, and I used to crash a lot with the FREE SolarWinds app. But for some reason, this app sometimes fails.
A good solution seems to be a Linux box/VM that you can rely on to always run SSH/SFTP services with no extra applications, just need to make sure the OpenSSH Server is installed. There is some extra configuration, but, if you are like me maybe will find out as you move with configuring your server
When configuring a Backup Device you get this message:
“Update failed : Unable to access SFTP server. Please ensure the given SFTP server is a genuine SFTP server”
I opened my SFTP browser on my computer “CyberDuck” and was able to get to the server using SFTP and the user/password combination with no issues
The next step is to see why this thing doesn’t work!!! –
Login to the shell on your Linux server and run the following command
ucadmin@myserver:~$ tail -100 /var/log/auth.log | grep sshd
This command will provide you with the authorization logs and you will be able to see key information, like CUCM is trying to authenticate with diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 but our SSH/SFTP server is not set to accept this authentication algorithm
Dec 27 12:58:29 myserver sshd: fatal: Unable to negotiate with xx.xx.xx.xx port 56813: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth] Dec 27 12:58:29 myserver sshd: fatal: Unable to negotiate with xx.xx.xx.xx port 56814: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
The solution to this is to modify your ssh configuration file, here is the command to get to it
Sudo nano /etc/ssh/sshd_config
Add the following 2 lines to the end of the file
Ciphers 3des-cbc,blowfish-cbc,aes128-cbc,aes128-ctr,aes256-ctr KexAlgorithms diffie-hellman-group1-sha1,email@example.com,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2- nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group- exchange-sha1
This last one did the trick for me… not sure about the others, and with different versions of CUCM you may or may not get different results
***Note to self and whoever is saying ** Ohh so sweet, he uses nano” –> Yes I use nano text editor… I still have not learned VI, which I keep hearing is the best thing since sliced bread :O
What to Look forward to?
This particular issue may seem like a no big deal for some people… Actually a few days ago it took me quite a while to find the issue + lots of reading on Google 🙂 Now that is documented and I have it at my fingertips I believe I will not have to wast more time
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.