This document describes how to configure Cisco Unified Session Initiation Protocol (SIP) Proxy (CUSP) 10.2 or later in order to perform backups with Secure File Transfer Protocol (SFTP).
CUSP 10.2 supports only SFTP and requires an Absolute Path, which not every SFTP application handles; this document provides guidance on how to set this up with three different platforms as SFTP Servers.
Contributed by Luis Ramirez, Cisco TAC Engineer.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
CUSP 10.2 removes support for FTP and only allows SFTP for security reasons.
With this change, CUSP requires an Absolute Path to be configured for Backup and Restore procedures, but this option is not handled by many Windows SFTP applications.
These options provide the steps to set up the SFTP Servers on Windows, Mac and Linux and to configure CUSP Backups with each of them.
Note: For more information about CUSP 10.2 Backups, please check the GUI Administration Guide for Cisco Unified SIP Proxy Release 10.2
Windows 10 and Windows Server 2016, on their latest versions, have the option to install OpenSSH, which can be used for SFTP as well.
SFTP Server Setup.
Access Apps & features in System Windows Settings and select Optional features.
If OpenSSH Client and OpenSSH Server don't show in the list as already installed, select Add a feature.
Look for OpenSSH Client and OpenSSH Server and install them.
Note: If these options don't show up in the list, ensure there is connectivity to Internet and that Windows has the latest updates installed.
Once installed, open Services and start the service for OpenSSH SSH Server.
The root folder for the SFTP Server is the folder of the Windows User where the service runs.
In this example the root is C:\Users\luirami2
Note: More information about this process can be found in the Microsoft Website
CUSP Configuration
Because CUSP must be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.
sftp://SFTP Server IP Address/C:/Users/luirami2
sftp://SFTP Server IP Address/C:/Users/luirami2/Desktop/CUSP10.2
The Username and Password should be the same ones used to log in to the Windows Account.
On a Mac with Mojave or later versions, the SFTP Server is already available but needs to be enabled.
SFTP Server Setup.
Under System Preferences select Sharing, then check the boxes for File Sharing and Remote Login.
These options enable SFTP with a Root Folder of the Mac User where the service runs.
In this example the root is /Users/luirami2
CUSP Configuration.
Because CUSP must be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.
sftp://SFTP Server IP Address/Users/luirami2
sftp://SFTP Server IP Address/Users/luirami2/CUSP10.2
The Username and Password should be the same ones used to log in to the Mac Account.
On Linux, SSH needs to be installed in order to be able to use it as an SFTP Server.
This example is with Ubuntu 18.04.
SFTP Server Setup.
Install SSH with the command sudo apt install ssh
root@ubuntu:~$ sudo apt install ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
ssh
0 upgraded, 1 newly installed, 0 to remove and 300 not upgraded.
Need to get 5,204 B of archives.
After this operation, 106 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu bionic-updates/main amd64 ssh all 1:7.6p1-4ubuntu0.3 [5,204 B]
Fetched 5,204 B in 10s (506 B/s)
Selecting previously unselected package ssh.
(Reading database ... 128438 files and directories currently installed.)
Preparing to unpack .../ssh_1%3a7.6p1-4ubuntu0.3_all.deb ...
Unpacking ssh (1:7.6p1-4ubuntu0.3) ...
Setting up ssh (1:7.6p1-4ubuntu0.3) ...
After installation, modify the /etc/ssh/sshd_config file by adding these lines at the end of the file.
sudo vi /etc/ssh/sshd_config
Match group sftp
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Save the changes and restart ssh service with this command.
sudo service ssh restart
These options enable SFTP with a Root Folder of the Linux User where the service runs.
In this example the root is /home/luirami2
CUSP Configuration.
Because CUSP must be configured with the Absolute Path of the SFTP Server, there are two options that can be configured.
sftp://SFTP Server IP Address/home/luirami2
sftp://SFTP Server IP Address/home/luirami2/SFTP/CUSP10.2
The Username and Password should be the same ones used to log in to the Linux PC Account.
When a Backup or Restore fails, an error is presented under Report, either Backup History or Restore History.
All these errors are Client URL (CURL) responses; all of them print the returnvalue: but only some print its definition.
CURL error codes can be found here.
From a Linux Server, CURL can be tested against an SFTP Server in order to know if the server understands Absolute Path or only Abbreviated Path.
These five commands can be used in order to test authentication/directory List, Upload, Download, Delete and Directory creation.
If tested with Abbreviated Path it should work fine.
Authentication and Directory List
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:password"
drw-rw-rw 1 root root 0 Sep 11 18:19 .
drw-rw-rw 1 root root 0 Sep 11 18:19 ..
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt
Upload a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:password" -T "/home/TestCapture.pcap" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 11.8M 0 0 100 11.8M 0 4143k 0:00:02 0:00:02 --:--:-- 4142k
100 11.8M 0 0 100 11.8M 0 4142k 0:00:02 0:00:02 --:--:-- 4142k
Download a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/TextFile.txt" --user "username:password" -o "/home/TextFile.txt" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 38 100 38 0 0 181 0 --:--:-- --:--:-- --:--:-- 181
100 38 100 38 0 0 181 0 --:--:-- --:--:-- --:--:-- 181
Delete a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:password" -Q "-RM TestCapture.pcap" --ftp-create-dirs
drw-rw-rw 1 root root 0 Sep 11 18:23 .
drw-rw-rw 1 root root 0 Sep 11 18:23 ..
-rw-rw-rw 1 root root 12386208 Sep 11 18:23 TestCapture.pcap
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt
Create a Directory
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:password" -Q "-MKDIR /DirectoryFolder" --ftp-create-dirs
drw-rw-rw 1 root root 0 Sep 11 18:23 .
drw-rw-rw 1 root root 0 Sep 11 18:23 ..
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt
Authentication and Directory List (TestCapture.pcap has been deleted and DirectoryFolder has been created)
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/" --user "username:password"
drw-rw-rw 1 root root 0 Sep 11 18:24 .
drw-rw-rw 1 root root 0 Sep 11 18:24 ..
drw-rw-rw 1 root root 0 Sep 11 18:24 DirectoryFolder
-rw-rw-rw 1 root root 38 Sep 11 18:04 TextFile.txt
If tested with Absolute Path and the SFTP Server does not accept it, each command is rejected with reason 9 (CURLE_REMOTE_ACCESS_DENIED), the same error CUSP displays when the SFTP Server used rejects the CURL commands due to the use of Absolute Path.
CURLE_REMOTE_ACCESS_DENIED (9)
Denied access to the resource given in the URL. For FTP, this occurs while the remote directory is changed.
Authentication and Directory List
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:password"
curl: (9) Could not open remote file for reading: SFTP server: Permission denied
Upload a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:password" -T "/home/TestCapture.pcap" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
curl: (9) Access denied to remote resource
Download a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2/TextFile.txt" --user "username:password" -o "/home/TextFile.txt" --ftp-create-dirs
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
curl: (9) Could not open remote file for reading: SFTP server: Permission denied
Delete a file
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:password" -Q "-RM TestCapture.pcap" --ftp-create-dirs
curl: (9) Could not open remote file for reading: SFTP server: Permission denied
Create a Directory
root@ubuntu:~$ curl -k "sftp://SFTP IP:22/C:/Users/Administrator/Desktop/CUSP10.2" --user "username:password" -Q "-MKDIR /DirectoryFolder" --ftp-create-dirs
curl: (9) Could not open remote file for reading: SFTP server: Permission denied
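The Absolute Path check above can be wrapped in a small script; this is an added example, not part of the original document, and its function names are hypothetical. It builds the URL in the form configured on CUSP from a Windows, Mac or Linux folder, then lists that folder with curl and interprets the exit code. Unlike the commands above it omits -k, which for SFTP makes curl skip known_hosts verification, and it passes only the user name so curl prompts for the password instead of taking it on the command line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of CUSP or curl.

# Build the absolute-path URL in the form this page configures on CUSP.
# Accepts C:\Users\x, C:/Users/x, /Users/x or /home/x; rejects relative paths.
cusp_sftp_url() {
    host=$1 path=$2
    case $path in
        [A-Za-z]:\\*|[A-Za-z]:/*) path=$(printf '%s' "$path" | tr '\\' '/') ;;
        /*) path=${path#/} ;;
        *)  echo "not an absolute path: $path" >&2; return 1 ;;
    esac
    case $path in
        *[!A-Za-z0-9._/:-]*) echo "needs URL-escaping: $path" >&2; return 1 ;;
    esac
    printf 'sftp://%s/%s\n' "$host" "${path%/}"
}

# Translate a curl exit code into what it means for a backup target.
classify_curl_rc() {
    case $1 in
        0)     echo "absolute path accepted" ;;
        9)     echo "absolute path rejected (CURLE_REMOTE_ACCESS_DENIED)" ;;
        67)    echo "login denied" ;;
        51|60) echo "host key not verified" ;;
        *)     echo "other curl error $1" ;;
    esac
}

# List the folder by absolute path. No -k, so the host key is checked against
# known_hosts; only the user name is passed, so curl prompts for the password.
probe_sftp_path() {
    url=$(cusp_sftp_url "$1" "$2") || return 2
    rc=0
    curl --silent --show-error --user "$3" "$url/" >/dev/null || rc=$?
    classify_curl_rc "$rc"
}

# Usage: sh probe.sh <server> <absolute path> <user>
if [ "$#" -eq 3 ]; then probe_sftp_path "$1" "$2" "$3"; fi
```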