Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot access SFTP repository since upgrade to ACS 5.5

Hi,

 

We upgraded our Cisco 3415 Appliances from ACS 5.4 to 5.5. Here is the exact version we are running:

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.5.0.46
Internal Build ID : B.723

 

I cannot do any backups or upgrades because I always get an error trying to access SFTP repositories:

acs1/acsadmin# show repository SFTP
% Error reading directory on remote server

 

My SFTP repository is configured as follows:

repository SFTP
  url sftp://10.0.0.10/var/repos/repo1
  user sftpaccount password hash <snipped>

 

I ran the command to import the host key and confirmed it is correctly loaded:

acs1/acsadmin# show crypto host_keys
2048 <snipped> 10.0.0.10 (RSA)

 

On the SFTP server located at 10.0.0.10, the folder where the files are stored is /var/repos/repo1. This folder is also the home folder of user sftpaccount.

 

If I try doing a ssh/sftp connection locally from the SFTP server 10.0.0.10 using the sftpaccount user and password, it works.

 

When I use the ssh command from the CLI of the ACS and manually type in the password, it works.

 

If I try to do a show repository SFTP, I get the error above.

 

Trying to apply a patch and specifying that repository fails.

 

Trying to backup from the CLI of from the Web GUI using a scheduled backup fail.

 

Forcing a backup from the Web GUI through Local Operations / Deployment Operations works!

 

This is a complete mystery! I would like to patch my device to the latest version but I can't use the repository because it fails through SFTP! Using another protocol is out of the question.

 

What are my options?

 

Thanks!

 

Everyone's tags (1)
3 REPLIES
Cisco Employee

Have you tried to completely

Have you tried to completely remove the repository and then re-creating it from scratch?

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
New Member

Of course....

Of course....

New Member

I am having the exact same

I am having the exact same problem. I have ran a tcpdump to see what is going on and have noticed that ACS is not even attempting to connect to the sftp server at all. When adding the crypto key I do see the successful exchange, but no traffic whatsoever when trying to connect to the sftp server. 

253
Views
0
Helpful
3
Replies