CUSP 10.2 SFTP Backup Procedure

Introduction

This document describes how to configure Cisco Unified Session Initiation Protocol (SIP) Proxy (CUSP) 10.2 or later in order to perform backups with Secure File Transfer Protocol (SFTP).

CUSP 10.2 only supports SFTP and requires to use Absolute Path which is not handled by every SFTP application; this document provides guidance in order to set this up with three different platforms as SFTP Servers.

Contributed by Luis Ramirez, Cisco TAC Engineer.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• SFTP
• CUSP
• Windows
• Linux
• MAC

Components Used

The information in this document is based on these software versions:

• CUSP 10.2
• Windows 10
• Windows Server 2019
• Ubuntu 18.04
• MAC Mojave

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Backup Procedure

CUSP 10.2 eliminates the support of FTP and only allows SFTP for security reasons.

With this change, CUSP requires Absolute Path in order to be configured for Backup and Restore procedures but this options is not handled by many Windows SFTP applications.

These options provide the steps to set up CUSP Backups with Windows, MAC and Linux as SFTP Servers and how to set servers as well.

Note: For more information about CUSP 10.2 Backups, please check the GUI Administration Guide for Cisco Unified SIP Proxy Release 10.2

Windows as SFTP Server

Windows 10 and Windows Server 2016 on the latest versions have the option to install Openssh which can be used for SFTP as well.

SFTP Server Setup.

Access Apps & features in System Windows Settings and select Optional features.

If OpenSSH Client and OpenSSH Server don't show in the list as already installed, select Add a feature.

Look for OpenSSH Client and OpenSSH Server and get them installed.

Note: If these options don't show up in the list, ensure there is connectivity to Internet and that Windows has the latest updates installed.

Once installed, open Services and start the service for OpenSSH SSH Server.

The root folder for the SFTP Server is the Windows User where the service runs.

In this example the root is C:\Users\luirami2

Note: More information about this process can be found in the Microsoft Website

CUSP Configuration

As CUSP requires to be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.

1. The Absolute Path to the Root Folder.

   • sftp://SFTP Server IP Address/C:/Users/luirami2

2. Absolute Path that takes to another folder within Root.

   • sftp://SFTP Server IP Address/C:/Users/luirami2/Desktop/CUSP10.2

Username and Password should be the same used in order to log in to the Windows Account.

MAC as SFTP Server

On a MAC PC with Mojave or latter versions, SFTP Server is already an option but needs to be enabled.

SFTP Server Setup.

Under System Preferences select Sharing, then check the boxes for File Sharing and Remote Login.

These options enable SFTP with a Root Folder of the MAC PC User where the service runs.

In this example the root is /Users/luirami2

CUSP Configuration.

As CUSP requires to be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.

1. The Absolute Path to the Root Folder.

   • sftp://SFTP Server IP Address/Users/luirami2

2. Absolute Path that takes to another folder within Root.

   • sftp://SFTP Server IP Address/Users/luirami2/CUSP10.2

Username and Password should be the same used in order to log in to the MAC PC Account.

Linux as SFTP Server

On Linux, SSH needs to be installed in order to be able to use it as an SFTP Server.

This example is with Ubuntu 18.04.

SFTP Server Setup.

Install SSH with the command sudo apt install ssh

root@ubuntu:~$ sudo apt install ssh
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  ssh
0 upgraded, 1 newly installed, 0 to remove and 300 not upgraded.
Need to get 5,204 B of archives.
After this operation, 106 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ssh all 1:7.6p1-4ubuntu0.3 [5,204 B]
Fetched 5,204 B in 10s (506 B/s)        
Selecting previously unselected package ssh.
(Reading database ... 128438 files and directories currently installed.)
Preparing to unpack .../ssh_1%3a7.6p1-4ubuntu0.3_all.deb ...
Unpacking ssh (1:7.6p1-4ubuntu0.3) ...
Setting up ssh (1:7.6p1-4ubuntu0.3) …

After installation, modify the /etc/ssh/sshd_config file with these changes at the end of the document.

sudo vi /etc/ssh/sshd_config

Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp 

Save the changes and restart ssh service with this command.

sudo service ssh restart

These options enable SFTP with a Root Folder of the Linux User where the service runs.

In this example the root is /home/luirami2

CUSP Configuration.

As CUSP requires to be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.

1. The Absolute Path to the Root Folder.

   • sftp://SFTP Server IP Address/home/luirami2

2. Absolute Path that takes to another folder within Root.

   • sftp://SFTP Server IP Address/home/luirami2/SFTP/CUSP10.2

Username and Password should be the same used in order to log in to the Linux PC Account.

Backup Errors

When a Backup or Restore fails, an error is presented under Report, either Backup History or Restore History.

All these errors are Client URL (CURL) responses, all of them print the returnvalue: but only some print it's definition.

CURL error codes can be found here.

How to Test Absolute Path on SFTP Servers

From a Linux Server, CURL can be tested with a SFTP Server in order to know if it understands Absolute Path or only Abbreviated Path.

These five commands can be used in order to test authentication/directory List, Upload, Download, Delete and Directory creation.

If tested with Abbreviated Path it should work fine.

Authentication and Directory List
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:pasword"
drw-rw-rw 1 root root 0 Sep 11 18:19 .
drw-rw-rw 1 root root 0 Sep 11 18:19 ..
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt

Upload a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:pasword" -T "/home/TestCapture.pcap" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11.8M 0 0 100 11.8M 0 4143k 0:00:02 0:00:02 --:--:-- 4142k
100 11.8M 0 0 100 11.8M 0 4142k 0:00:02 0:00:02 --:--:-- 4142k

Download a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/TextFile.txt" --user "username:pasword" -o "/home/TextFile.txt" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 38 100 38 0 0 181 0 --:--:-- --:--:-- --:--:-- 181
100 38 100 38 0 0 181 0 --:--:-- --:--:-- --:--:-- 181

Delete a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:pasword" -Q "-RM TestCapture.pcap" --ftp-create-dirs
drw-rw-rw 1 root root 0 Sep 11 18:23 .
drw-rw-rw 1 root root 0 Sep 11 18:23 ..
-rw-rw-rw 1 root root 12386208 Sep 11 18:23 TestCapture.pcap
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt

Create a Directory
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:pasword" -Q "-MKDIR /DirectoryFolder" --ftp-create-dirs
drw-rw-rw 1 root root 0 Sep 11 18:23 .
drw-rw-rw 1 root root 0 Sep 11 18:23 ..
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt

Authentication and Directory List (TestCapture.pcap has been deleted and DirectoryFolder has been created)
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:pasword"
drw-rw-rw 1 root root 0 Sep 11 18:24 .
drw-rw-rw 1 root root 0 Sep 11 18:24 ..
drw-rw-rw 1 root root 0 Sep 11 18:24 DirectoryFolder
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt

If tested with Absolute Path and the SFTP Server does not accept it, each command is rejected with reason 9CURLE_REMOTE_ACCESS_DENIED, same error CUSP displays when the SFTP Server used rejects the CURL commands due to the use of Absolute Path.

CURLE_REMOTE_ACCESS_DENIED (9)

Denied access to the resource given in the URL. For FTP, this occurs while the remote directory is changed.

Authentication and Directory List
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:pasword"
curl: (9) Could not open remote file for reading: SFTP server: Permission denied

Upload a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:pasword" -T "/home/TestCapture.pcap" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
curl: (9) Access denied to remote resource

Download a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2/TextFile.txt" --user "username:pasword" -o "/home/TextFile.txt" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
curl: (9) Could not open remote file for reading: SFTP server: Permission denied

Delete a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:pasword" -Q "-RM TestCapture.pcap" --ftp-create-dirs
curl: (9) Could not open remote file for reading: SFTP server: Permission denied

Create a Directory
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:pasword" -Q "-MKDIR /DirectoryFolder" --ftp-create-dirs
curl: (9) Could not open remote file for reading: SFTP server: Permission denied