Cannot access SFTP repository since upgrade to ACS 5.5

Hi,

 

We upgraded our Cisco 3415 Appliances from ACS 5.4 to 5.5. Here is the exact version we are running:

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.5.0.46
Internal Build ID : B.723

 

I cannot do any backups or upgrades because I always get an error trying to access SFTP repositories:

acs1/acsadmin# show repository SFTP
% Error reading directory on remote server

 

My SFTP repository is configured as follows:

repository SFTP
  url sftp://10.0.0.10/var/repos/repo1
  user sftpaccount password hash <snipped>

 

I ran the command to import the host key and confirmed it is correctly loaded:

acs1/acsadmin# show crypto host_keys
2048 <snipped> 10.0.0.10 (RSA)

 

On the SFTP server located at 10.0.0.10, the folder where the files are stored is /var/repos/repo1. This folder is also the home folder of user sftpaccount.

 

If I try doing a ssh/sftp connection locally from the SFTP server 10.0.0.10 using the sftpaccount user and password, it works.

 

When I use the ssh command from the CLI of the ACS and manually type in the password, it works.

 

If I try to do a show repository SFTP, I get the error above.

 

Trying to apply a patch and specifying that repository fails.

 

Trying to back up from the CLI or from the Web GUI using a scheduled backup fails.

 

Forcing a backup from the Web GUI through Local Operations / Deployment Operations works!

 

This is a complete mystery! I would like to patch my device to the latest version but I can't use the repository because it fails through SFTP! Using another protocol is out of the question.

 

What are my options?

 

Thanks!

 

3 Replies

nspasov
Cisco Employee

Have you tried completely removing the repository and then re-creating it from scratch?

 

Thank you for rating helpful posts!

Of course....

Bull3t_six
Level 1

I am having the exact same problem. I have run a tcpdump to see what is going on and have noticed that ACS is not even attempting to connect to the SFTP server at all. When adding the crypto key I do see the successful exchange, but no traffic whatsoever when trying to connect to the SFTP server.