SFTP backup from CUCM 10.5.2.12900-14 fails with FreeNAS-9.10.2 (a476f16)

[Ryan Snyder]

We have been running Freenas on the XI systems for quite some time. I recently upgraded to 9.10.2 from 9.10.1-U4 (ec9a7d3). Everything seemed like it was working just fine. But sometime after the upgrade our Cisco Call Manager stopped backing up. I didn't put things together until now.

When running the 9.10.2 CUCM says that it is unable to login to the SFTP server. I used Cyberduck from my machine to connect using the credentials and everything seems correct. I also was able SSH to CUCM from the Freenas box and that worked. I deleted the connections and tried to setup again same problem.

At one our other sites we have one that is running the 9.10.1. So I set the backup to run to that for the time being. That works like a champ.

The accounts used for the SFTP backup are local to the freenas.

I will try and post logs for this.

 

[Ryan Snyder]

When i do the login I see a bunch of

Jan 4 13:05:03 DO-Freenas sshd[690]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[692]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[694]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[696]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[698]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[700]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[702]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[704]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Jan 4 13:05:03 DO-Freenas sshd[707]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]

CUCM shows
Reason : Unable to access SFTP server. Please ensure the username and password are correct.
AppID : Cisco DRF Master

 

[dlavigne]

Please create a bug report at bugs.freenas.org that includes the preauth error message and post the issue number here.

 

[Ryan Snyder]

Bug #20044

I did find a Cisco bug sounds similar. CSCur98596

 

[maplin]

I too have this issue:


[root@freenas_1] /var/log#nano messages

Feb 20 13:57:57 freenas_1 sshd[85941]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Feb 20 13:57:57 freenas_1 sshd[85943]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]
Feb 20 13:57:57 freenas_1 sshd[85945]: fatal: Pre-authentication none cipher requests are not allowed. [preauth]


If I attempt Cisco's work around:


Workaround:
Change the security to aes128-cbc ciphers or one of the supported ciphers listed below:
aes128-cbc
3des-cbc
blowfish-cbc

OpenSSH 6.7 Workaround:
This workaround is to be performed on the SFTP server configured for OpenSSH.

1.Go to the SSHd config file : vim /etc/ssh/sshd_config
2.To get all these ciphers back, add a Ciphers line to your /etc/ssh/sshd_config like:
# Enabling all Ciphers!
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

3. Save the File. (:wq) . Restart the SSHD service on the SFTP server.
[root@SFTPserver ~]# service sshd restart


The commands go in okay, and I can restart the service via:


[root@freenas_1] ~# service sshd onerestart


However, when I reboot the server that command gets removed -- and it doesn't work following the “service sshd onerestart” either….


Note, for me this is only affecting CUPs version 10.5.2.13900-12 - not CUCM on the same version.