Planet Collab

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Install FTP server (vsftpd) on Ubuntu 20.04 – Six Steps

By italchemy

Step 1: Update repository and install vsftpd
sudo apt update && sudo apt install vsftpd

To check enable & status:
sudo systemctl enable vsftpd
sudo systemctl status vsftpd

step 2: Configure firewall
sudo ufw allow OpenSSH
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 49000:49999/tcp
sudo ufw allow 990/tcp (Optional, if using TLS)

sudo ufw enable
sudo ufw status

Step 3: Create FTP User
sudo adduser ftpuser1

Modify sshd_config file:
sudo nano /etc/ssh/sshd_config
# Add the following line at the end to block ftpuser1 using SSH and SFTP.
DenyUsers ftpuser1

sudo service sshd restart
Step 4: Give directory permissions
Two options here, 1. to user1 home folder, 2. use web server.
Only using home folder.

# Create a dedicate directory, ftp
sudo mkdir /home/ftpuser1/ftp

# Set the ownership to nogody:nogroup so, other users cannot access this directory. Lockind down 2.
sudo chown nobody:nogroup /home/ftpuser1/ftp

# Remove (-), all(a), write(w) permission from everyone. Locking down 1
sudo chmod a-w /home/ftpuser1/ftp

# Now create new directories to upload/download files
sudo mkdir /home/ftpuser1/ftp/ios
sudo mkdir /home/ftpuser1/ftp/backups
sudo mkdir /home/ftpuser1/ftp/logs

# Assign ownership to ftpuser1 to provide write access.
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/ios
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/backups
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/logs

Step 4: vsftpd server configuration
# make a backup of the original vsftpd.conf file by renaming it.
sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak

# create new vsftpd.conf file
sudo nano /etc/vsftpd.conf

# Cut and paste the following:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=49000
pasv_max_port=49999
# ADDED BY SYSTEM ADMIN
# Tell vsftpd know that the root FTP folder is /ftp under /home/ftpuser1/.
user_sub_token=$USER
local_root=/home/$USER/ftp

# Restare vsftpd server
sudo systemctl restart vsftpd

Step 6: Download FileZilla Client and login.
# *Make sure that you are logging in “Active” transfer mode. Got to FileZilla Settings.

Edit >>> Settings >>> Connection >>> FTP >>> under “Transfer Mode”, change Passive to Active. OK

*** At this point, you should be able to upload/download files with no issues. ***

# To check vsftpd server logs
sudo tail /var/log/vsftpd.log -n 100

Install FTP server (vsftpd) on Ubuntu 20.04 – Six Steps

By italchemy

Step 1: Update repository and install vsftpd
sudo apt update && sudo apt install vsftpd

To check enable & status:
sudo systemctl enable vsftpd
sudo systemctl status vsftpd

step 2: Configure firewall
sudo ufw allow OpenSSH
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 49000:49999/tcp
sudo ufw allow 990/tcp (Optional, if using TLS)

sudo ufw enable
sudo ufw status

Step 3: Create FTP User
sudo adduser ftpuser1

Modify sshd_config file:
sudo nano /etc/ssh/sshd_config
# Add the following line at the end to block ftpuser1 using SSH and SFTP.
DenyUsers ftpuser1

sudo service sshd restart
Step 4: Give directory permissions
Two options here, 1. to user1 home folder, 2. use web server.
Only using home folder.

# Create a dedicate directory, ftp
sudo mkdir /home/ftpuser1/ftp

# Set the ownership to nogody:nogroup so, other users cannot access this directory. Lockind down 2.
sudo chown nobody:nogroup /home/ftpuser1/ftp

# Remove (-), all(a), write(w) permission from everyone. Locking down 1
sudo chmod a-w /home/ftpuser1/ftp

# Now create new directories to upload/download files
sudo mkdir /home/ftpuser1/ftp/ios
sudo mkdir /home/ftpuser1/ftp/backups
sudo mkdir /home/ftpuser1/ftp/logs

# Assign ownership to ftpuser1 to provide write access.
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/ios
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/backups
sudo chown ftpuser2:ftpuser1 /home/ftpuser1/ftp/logs

Step 4: vsftpd server configuration
# make a backup of the original vsftpd.conf file by renaming it.
sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak

# create new vsftpd.conf file
sudo nano /etc/vsftpd.conf

# Cut and paste the following:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
force_dot_files=YES
pasv_min_port=49000
pasv_max_port=49999
# ADDED BY SYSTEM ADMIN
# Tell vsftpd know that the root FTP folder is /ftp under /home/ftpuser1/.
user_sub_token=$USER
local_root=/home/$USER/ftp

# Restare vsftpd server
sudo systemctl restart vsftpd

Step 6: Download FileZilla Client and login.
# *Make sure that you are logging in “Active” transfer mode. Got to FileZilla Settings.

Edit >>> Settings >>> Connection >>> FTP >>> under “Transfer Mode”, change Passive to Active. OK

*** At this point, you should be able to upload/download files with no issues. ***

# To check vsftpd server logs
sudo tail /var/log/vsftpd.log -n 100

Scenario#50 – Cisco MRA: Jabber cannot connect Softphone mode over Expressway

By asharsidd
Photo by Pixabay on Pexels.com

Due to COVID-19 and the global pandemic situation more and more people are working from home and are coming across different challenges.

Many of them who use to work from a corporate location are coming across issues that they never faced before.

I worked on such a case recently where a user was having a problem connecting his Jabber over MRA (Mobile Remote Access) and getting softphone mode working. If he connects to corporate VPN and then fires up Jabber it connects fine and he can make and receive calls. The problem was that he was supposed to join an external training which was not accessible on his corporate VPN network and he also wanted to use Jabber for calls.

I started investigating and initially I thought if there is anything wrong with the Expressways? I did a quick health check and found no issues at Expressways. I also did an SRV check using Cisco Collaboration solutions Analyzer and that came out clean with all relevant ports open. From his PC I did an SRV check for Collab-Edge to see if it is resolving to correct Expressway cluster and that displayed correct result. You can do this quick test using the following command from a user’s PC command prompt:

nslookup -type=srv _collab-edge._tls.xyx.com

When you start Cisco Jabber it goes through a sequence of discovering as to how your jabber is connected and where it should go to fetch all services. For Jabber which is inside a corporate network it looks for cisco-uds while outside a network it is looking for collab-edge. Hopefully I will discuss this in a separate post as how Jabber connects and the routine it follows.

Softphone - Not working
Status: Not connected
Protocol: SIP
Address: CUCM3.corp.xyx.com (CCMCIP - Expressway) (Unknown)
Cause: connection error. Make sure that the server information on the Phone Services tab in the Options window is correct. If you need help, contact the system administrator.


Desk phone - None
Status: Not connected
Protocol: CTI
Address: (CTI) (Unknown)

Video for desk phones - information
Status: Not available
Cause: Video for desk phones is not available in softphone mode.


Voicemail - None
Status: Not connected. Awaiting repetition.
Address: Unity1.corp.xyx.com (IPV4)
Port: 443
Protocol: VMREST (HTTPS)


Presence - working
Status: Connected
Protocol: XMPP
Address: Server1.xyx.com (IPV4)    <<< Expressway-E
Port: 5222


Conferences - working
Status: Last connection attempt successful.
Protocol: HTTPS
MeetingAccount: John.doe@xyx.com
Address: meetings.xyx.com (IPV4)


Outlook address book - working
Status: Last connection attempt successful.
Protocol: MAPI
Address: Outlook (Unknown)


Directory - working
Status: Last connection attempt successful.
Address: CUCM2.corp.xyx.com  (IPV4)
Protocol: UDS (HTTPS)

As you can see CCMCIP-Expressway was showing as unknown. I collected the PRT report and this is what I found after the discovering stage:

Note: All IP addresses and hostnames have been changed to dummy values:

## Jabber discovers the Expressway-E : Server1.xyx.com

2020-05-06 16:29:30,457 DEBUG [0x000033e0] [ore\sipstack\sip_common_transport.c(717)] [csf.sip-call-control] [sip_get_local_ip_addr] – SIPCC-SIP_TRANS: sip_get_local_ip_addr: src_addr: 172.1.1.1
2020-05-06 16:29:30,457 INFO [0x000033e0] [mmon\network\SoftPhoneDnsHelper.cpp(129)] [csf.ecc] [csf::ecc::SoftPhoneDnsHelperImpl::queryDns] – hostname=Server1.xyx.com, family=AF_INET, useDNSCache=true
2020-05-06 16:29:30,457 INFO [0x000033e0] [mmon\network\SoftPhoneDnsHelper.cpp(246)] [csf.ecc] [csf::ecc::SoftPhoneDnsHelperImpl::doNetworkLookup] – hostname=Server1.xyx.com, family=AF_INET
2020-05-06 16:29:30,457 DEBUG [0x000033e0] [n\network\SocketHelperFunctions.cpp(294)] [csf.network.helper] [getIpAddressByHostname] – Attempting to resolve “Server1.xyx.com” for protocol AF_INET
2020-05-06 16:29:30,458 INFO [0x000036dc] [n\network\SocketHelperFunctions.cpp(181)] [csf.network.helper] [getIpAddressExcuteThread] – start excute thread

## Jabber discovers the Expressway-E IP address

2020-05-06 16:29:30,458 DEBUG [0x000036dc] [n\network\SocketHelperFunctions.cpp(246)] [csf.network.helper] [getIpAddressExcuteThread] – Server1.xyx.com resolved to IP address:193.1.x.10, retCode:0
2020-05-06 16:29:30,458 DEBUG [0x000036dc] [n\network\SocketHelperFunctions.cpp(258)] [csf.network.helper] [getIpAddressExcuteThread] – end excute thread, ctrl:17BE6CEC
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [n\network\SocketHelperFunctions.cpp(320)] [csf.network.helper] [getIpAddressByHostname] – IP Address:193.1.x.10, error code: 0
2020-05-06 16:29:30,458 INFO [0x000033e0] [mmon\network\SoftPhoneDnsHelper.cpp(235)] [csf.ecc] [csf::ecc::SoftPhoneDnsHelperImpl::queryDns] – hostname=Server1.xyx.com, family=AF_INET – SUCCESS: lookup succeeded, v4(193.1.x.10) v6()2020-05-06 16:29:30,458 DEBUG [0x000033e0] [onewrapper\ccapi_plat_api_impl.cpp(2029)] [csf.ecc.sipcc] [SIPCCPlatBinding::platGetLocalIPAddr] – ipMode=IPv6Preferred, dst_addr->type=IPv4
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [onewrapper\ccapi_plat_api_impl.cpp(2104)] [csf.ecc.sipcc] [SIPCCPlatBinding::platGetLocalIPAddr] – SIPCC will use local IPv4 address: 172.1.1.1 for destination: 193.1.x.10
2020-05-06 16:29:30,458 INFO [0x000033e0] [re\sipstack\sip_common_transport.c(1133)] [csf.sip-call-control] [sip_transport_init_ti_addr] – SIPCC-SIP_TRANS: sip_transport_init_ti_addr: Entered transport: 3 Sec Level: 2 IP type: 1
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [re\sipstack\sip_common_transport.c(1679)] [csf.sip-call-control] [sip_transport_setup_cc_conn] – SIPCC-SIP_CC_CONN: sip_transport_setup_cc_conn: ccm id:1, status:-1, other_status:-1, type:1, other_type:0
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [onewrapper\ccapi_plat_api_impl.cpp(1078)] [csf.ecc.sipcc] [SIPCCPlatBinding::platSecIsServerSecure] – secIsServerSecure() indicated server is secure because we are in edge mode.
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [\core\sipstack\ccsip_platform_tls.c(122)] [csf.sip-call-control] [sip_tls_create_connection] – SIPCC-SIP_TLS: sip_tls_create_connection: Creating secure connection
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [onewrapper\ccapi_plat_api_impl.cpp(1332)] [csf.ecc.sipcc] [SIPCCPlatBinding::platSecSocConnect] – platSecSocConnect(): displayHost=Server1.xyx.com, pIPAddrString=193.1.x.10:5061, blocking=false, plat_soc_connection_mode=1, plat_secure_connection_type=1
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [roject\secCommon\src\sec_ssl_api.c(2501)] [csf.ecc.handyiron] [performSingleConnect] – Invoking non-blocking connect(). Will allow up to 3 seconds for this connect to succeed.
2020-05-06 16:29:30,458 DEBUG [0x000033e0] [honewrapper\ccapi_plat_api_impl.cpp(352)] [csf.ecc.sipcc] [SIPCCPlatBinding::isShuttingDown] – –>
2020-05-06 16:29:30,459 DEBUG [0x000033e0] [roject\secCommon\src\sec_ssl_api.c(2514)] [csf.ecc.handyiron] [performSingleConnect] – connect return.
2020-05-06 16:29:30,997 DEBUG [0x00001708] [ls\src\http\MultiHttpClientImpl.cpp(813)] [csf.httpclient] [csf::http::MultiHttpClientImpl::RequestProcessing::run] – [0x1795be78] waiting for new requests
2020-05-06 16:29:31,737 DEBUG [0x000010ec] [ch\TriDroppedConnectionDetector.cpp(120)] [csf.jwcpp] [gloox::CTriDroppedConnectionDetector::onKeepaliveTimer] – @XmppSDK: #0, onKeepaliveTimer, timer
2020-05-06 16:29:32,396 DEBUG [0x00002f0c] [etutils\src\http\CurlHttpUtils.cpp(1834)] [csf.httpclient] [csf::http::CurlHttpUtils::logOperationTiming] – Request #135 network IO timestamps: [name lookup = 0.031 ; connect = 0 ; ssl connect = 0 ; pre-transfer = 0 ; start-transfer = 0 ; total = 10 ; redirect = 0]

##Connection timing out

2020-05-06 16:29:32,396 INFO [0x00002f0c] [ls\src\http\CurlAnswerEvaluator.cpp(122)] [csf.httpclient] [csf::http::CurlAnswerEvaluator::curlCodeToResult] – Request #135 got curlCode=[28] curl error message=[Connection timed out after 10000 milliseconds] ttpClientResult=CONNECTION_TIMEOUT_ERROR] fips enabled=[false]

##Trying second Expressway-E: Server2.xyx.com but getting same CONNECTION FAILED Error

2020-05-06 16:29:32,396 INFO [0x00002f0c] [ls\src\http\BasicHttpClientImpl.cpp(562)] [csf.httpclient] [csf::http::executeImpl] – *—–* HTTP response code 0 for request #135 to https://Server2.xyx.com:8443/aGVpZGVsYmVyZy5jb20/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
2020-05-06 16:29:32,396 ERROR [0x00002f0c] [ls\src\http\BasicHttpClientImpl.cpp(567)] [csf.httpclient] [csf::http::executeImpl] – There was an issue performing the call to curl_easy_perform for request #135: CONNECTION_TIMEOUT_ERROR
2020-05-06 16:29:32,396 DEBUG [0x00002f0c] [etutils\src\http\HttpRequestData.cpp(91)] [csf.httpclient] [csf::http::HttpRequestData::returnEasyCURLConnection] – Request #135 returning borrowed EasyCURLConnection
2020-05-06 16:29:32,396 DEBUG [0x00002f0c] [\src\edge\EdgeConfigRequestImpl.cpp(207)] [csf.edge] [csf::edge::EdgeConfigRequestImpl::execute] – *—–* Get Edge Config HTTP Result: CONNECTION_FAILED, HTTP Response Code: 0
2020-05-06 16:29:32,396 ERROR [0x00002f0c] [\src\edge\EdgeConfigRequestImpl.cpp(211)] [csf.edge] [csf::edge::EdgeConfigRequestImpl::execute] – Edge Config Request failed, httpResult: CONNECTION_FAILED
2020-05-06 16:29:32,396 INFO [0x00002f0c] [s\src\edge\GlobalEdgeStateImpl.cpp(1391)] [csf.edge] [csf::edge::GlobalEdgeStateImpl::executeEdgeConfigRequest] – server Server2.xyx.com failed, but is the last server on the list, so will not be added to the failed list
2020-05-06 16:29:32,396 WARN [0x00002f0c] [s\src\edge\GlobalEdgeStateImpl.cpp(1437)] [csf.edge] [csf::edge::GlobalEdgeStateImpl::executeEdgeConfigRequest] – Warning, request failed with error: [INTERNAL_ERROR]. Attempting to failover.
2020-05-06 16:29:32,396 WARN [0x00002f0c] [s\src\edge\GlobalEdgeStateImpl.cpp(1462)] [csf.edge] [csf::edge::GlobalEdgeStateImpl::executeEdgeConfigRequest] – Failed to retrieve EdgeConfig with error:INTERNAL_ERROR
2020-05-06 16:29:32,396 INFO [0x000035bc] [s\src\edge\GlobalEdgeStateImpl.cpp(1279)] [csf.edge] [csf::edge::GlobalEdgeStateImpl::attemptServer] – Attempting request with host name:Server2.xyx.com, port:8443

2020-05-06 16:29:32,397 INFO [0x000035bc] [etutils\src\http\CurlHttpUtils.cpp(1116)] [csf.httpclient] [csf::http::CurlHttpUtils::configureEasyRequest] – *—–* Configuring request #136 GET https://Server2.xyx.com:8443/aGVpZGVsYmVyZy5jb20/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
2020-05-06 16:29:32,397 INFO [0x000035bc] [etutils\src\http\CurlHttpUtils.cpp(1895)] [csf.httpclient] [csf::http::CurlHeaders::CurlHeaders] – Number of Request Headers : 1
2020-05-06 16:29:32,397 DEBUG [0x000035bc] [etutils\src\http\CurlHttpUtils.cpp(1571)] [csf.httpclient] [csf::http::CurlHttpUtils::addOauthToken] – Using authentication OAUTH with token
2020-05-06 16:29:32,397 DEBUG [0x000035bc] [etutils\src\http\CurlHttpUtils.cpp(1523)] [csf.httpclient] [csf::http::CurlHttpUtils::configureEasyRequest] – Request #136 configured with: connection timeout 10000 msec, transfer timeout 30000 msec
2020-05-06 16:29:32,397 DEBUG [0x000035bc] [ls\src\http\BasicHttpClientImpl.cpp(633)] [csf.httpclient] [csf::http::performCurlRequest] – About to perform curl connection request #136
2020-05-06 16:29:32,402 DEBUG [0x000035bc] [netutils\src\http\CurlHttpUtils.cpp(191)] [csf.httpclient] [csf::http::CurlHttpUtils::curlTraceCallback] – Request #136 pre connect phase: ‘ Trying 193.1.x.20…’
2020-05-06 16:29:32,493 DEBUG [0x000033e0] [roject\secCommon\src\sec_ssl_api.c(2489)] [csf.ecc.handyiron] [isSockConnected] – getsockopt(SOL_SOCKET, SO_ERROR) : n=0, err=10061
2020-05-06 16:29:32,493 DEBUG [0x000033e0] [roject\secCommon\src\sec_ssl_api.c(2551)] [csf.ecc.handyiron] [performSingleConnect] – socket signalled an exception.
2020-05-06 16:29:32,493 ERROR [0x000033e0] [onewrapper\ccapi_plat_api_impl.cpp(1198)] [csf.ecc.sipcc] [eccSecEstablishSecureConnection] – secSSLConnect(remoteIP=193.1.x.10, port=5061) returned NULL.
2020-05-06 16:29:32,493 INFO [0x000033e0] [tiveapp\sipcc\core\ccapp\cc_alarm.c(816)] [csf.sip-call-control] [setUnregReason] – SIPCC-PLAT_API: setUnregReason: setting unreg reason to=106
2020-05-06 16:29:32,493 DEBUG [0x000033e0] [veapp\sipcc\core\api\ccapi_device.c(100)] [csf.sip-call-control] [CCAPI_Device_getDeviceInfo] – SNAPSHOT-CREATE: CCAPI_Device_getDeviceInfo: g_deviceInfo.ins_state=0
2020-05-06 16:29:32,494 DEBUG [0x000033e0] [veapp\sipcc\core\api\ccapi_device.c(122)] [csf.sip-call-control] [CCAPI_Device_getDeviceInfo] – SNAPSHOT-CREATE: CCAPI_Device_getDeviceInfo: deviceInfo->sis_name=
2020-05-06 16:29:32,494 DEBUG [0x000033e0] [veapp\sipcc\core\api\ccapi_device.c(125)] [csf.sip-call-control] [CCAPI_Device_getDeviceInfo] – SNAPSHOT-CREATE: CCAPI_Device_getDeviceInfo: reference pointer=1bf24998
2020-05-06 16:29:32,494 DEBUG [0x000033e0] [veapp\sipcc\core\api\ccapi_device.c(128)] [csf.sip-call-control] [CCAPI_Device_getDeviceInfo] – SNAPSHOT-CREATE: CCAPI_Device_getDeviceInfo: deviceInfo->ins_state=0
2020-05-06 16:29:32,494 DEBUG [0x000033e0] [\sipcc\core\api\ccapi_device_info.c(235)] [csf.sip-call-control] [CCAPI_DeviceInfo_getCUCMMode] – SIPCC-SIP_CC_PROV: 0x1bf24998, CCAPI_DeviceInfo_getCUCMMode: returned 00
2020-05-06 16:29:32,494 INFO [0x000033e0] [tiveapp\sipcc\core\ccapp\cc_alarm.c(880)] [csf.sip-call-control] [setUnregReason] – SIPCC-PLAT_API: setUnregReason: value of first_oos_alarm_set=1
2020-05-06 16:29:32,494 DEBUG [0x000033e0] [veapp\sipcc\core\api\ccapi_device.c(218)] [csf.sip-call-control] [CCAPI_Device_releaseDeviceInfo] – SNAPSHOT-RELEASE: CCAPI_Device_releaseDeviceInfo: reference pointer=1bf24998
2020-05-06 16:29:32,494 ERROR [0x000033e0] [\core\sipstack\ccsip_platform_tls.c(157)] [csf.sip-call-control] [sip_tls_create_connection] – SIPCC-SIP_TLS: sip_tls_create_connection: Secure connect failed!!


I jumped onto the Expressways-E/C and tried to search for the user id and the CSF profile but there were no records of any attempt by this user.

There seems to be a problem Jabber connecting to Expressways over Internet?

Could it be a User PC issue or something to do with his Internet?

I also have a Jabber account with this company as a test user so I thought I should give it a go to make sure there is no issue with MRA.

I fired up my Jabber, entered credentials for this Company account and viola I connected straight away no issues. My Softphone also came to live within seconds, and I could see my user id and CSF in Expressway Event logs.

Hmmm that means something wrong at his PC!

I went back to him and asked if he is using any special Firewall or Antivirus software which might be blocking connection but I found no issues there.

I then asked him to check his Internet and if there are any special settings for VoIP.

Guess what? He was told by his provider to go to his user account and disable this option :

 “Prevent use of internet telephony from the home network” under “Telephony > Telephone Numbers > Line Settings” in the “Security” section.

How Sweet!

We spent all this time thinking if it is something to do with MRA and at the end it was his Internet connection and some special settings to access VoIP.

This is a snippet below from his Provider Fritzbox Cable as how it should be configured.

I hope this post was useful. Please like and Subscribe to this post and share.

No Linux FTP, ouch! tftp vs ftp file transfer negotiation using Windows FTP (Filezilla)

By italchemy

This is a quick note to remind me of the trouble i went through to make Windows FTP to work properly. The pain of not having a Linux FTP server at work!!!!

 

=======================================

MYCOMPANY-SW01#copy tftp:// 192.168.3.2/testfile.txt flash:testfile.txt

Destination filename [testfile.txt]?

Accessing tftp:// 192.168.3.2/testfile.txt…

Loading testfile.txt from 10.77.25.41 (via Vlan50): !

[OK – 97 bytes]

 

97 bytes copied in 0.150 secs (647 bytes/sec)

MYCOMPANY-SW01#show flash:

 

Directory of flash:/

 

2  -rwx          97  Mar 26 2020 03:15:54 +00:00  testfile.txt

3  -rwx        1036  Sep 12 2018 05:02:45 +00:00  vlan.dat

4  -rwx        4199  Mar 25 2020 09:47:34 +00:00  private-config.text

5  -rwx    26534912  Mar 25 2020 09:35:26 +00:00  c2960x-universalk9-mz.152-7.E0a.bin

6  -rwx       16884  Sep 12 2018 04:19:27 +00:00  backup

7  drwx         512  Dec 21 2016 18:05:46 +00:00  c2960x-universalk9-mz.152-2.E5

672  drwx         512  Dec 21 2016 18:05:47 +00:00  dc_profile_dir

675  -rwx        4120  Mar 25 2020 10:18:36 +00:00  multiple-fs

674  -rwx       15515  Mar 25 2020 09:47:34 +00:00  config.text

 

122185728 bytes total (68272128 bytes free)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ftp file transfer:

 

MYCOMPANY-SW01#copy ftp://ftpuser:cisco123@192.168.3.2/testfile.txt flash:testfile.txt

Destination filename [testfile.txt]?

Accessing ftp://*****:*****@ 192.168.3.2/testfile.txt…

Loading testfile.txt

[OK – 97/4096 bytes]

 

97 bytes copied in 6.407 secs (15 bytes/sec)

VEN-NZ-DUN-SW01#show flash:

 

Directory of flash:/

 

2  -rwx          97  Mar 26 2020 04:59:22 +00:00  testfile.txt

3  -rwx        1036  Sep 12 2018 05:02:45 +00:00  vlan.dat

4  -rwx        4199  Mar 25 2020 09:47:34 +00:00  private-config.text

5  -rwx    26534912  Mar 25 2020 09:35:26 +00:00  c2960x-universalk9-mz.152-7.E0a.bin

6  -rwx       16884  Sep 12 2018 04:19:27 +00:00  backup

672  drwx         512  Dec 21 2016 18:05:47 +00:00  dc_profile_dir

675  -rwx        4120  Mar 25 2020 10:18:36 +00:00  multiple-fs

674  -rwx       15515  Mar 25 2020 09:47:34 +00:00  config.text

 

122185728 bytes total (68272128 bytes free)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How FTP client negotiates with the server? (Cisco device example)

 

my_sw1#$ftpuser:cisco123@192.168.3.2/c3560-ipservicesk9-mz.122-55.SE5.bin flas$

Destination filename [c3560-ipservicesk9-mz.122-55.SE5.bin]?

Accessing ftp://ftpuser:cisco123@192.168.3.2/c3560-ipservicesk9-mz.122-55.SE5.bin…

01:31:40: FTP: 220 Please visit https://filezilla-project.org/

01:31:40: FTP: —> USER ftpuser

01:31:40: FTP: 331 Password required for ftpuser

01:31:40: FTP: —> PASS cisco123

01:31:41: FTP: 230 Logged on

01:31:41: FTP: —> TYPE I

01:31:41: FTP: 200 Type set to I

01:31:41: FTP: —> PASV

01:31:42: FTP: 227 Entering Passive Mode (192,168,3,2,60,93)

01:31:42: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:42: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:42: FTP: —> QUIT

01:31:42: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:42: FTP: 220 Please visit https://filezilla-project.org/

01:31:42: FTP: —> USER ftpuser

01:31:43: FTP: 331 Password required for ftpuser

01:31:43: FTP: —> PASS cisco123

01:31:43: FTP: 230 Logged on

01:31:43: FTP: —> TYPE I

01:31:44: FTP: 200 Type set to I

01:31:44: FTP: —> PASV

01:31:44: FTP: 227 Entering Passive Mode (192,168,3,2,81,52)

01:31:44: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:45: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:45: FTP: —> QUIT

01:31:45: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:45: FTP: 220 Please visit https://filezilla-project.org/

01:31:45: FTP: —> USER ftpuser

01:31:45: FTP: 331 Password required for ftpuser

01:31:45: FTP: —> PASS cisco123

01:31:46: FTP: 230 Logged on

01:31:46: FTP: —> TYPE I

01:31:46: FTP: 200 Type set to I

01:31:46: FTP: —> PASV

Loading c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:47: FTP: 227 Entering Passive Mode (192,168,3,2,217,126)

01:31:47: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:47: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:47: FTP: —> QUIT

01:31:47: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:47: FTP: 220 Please visit https://filezilla-project.org/

01:31:47: FTP: —> USER ftpuser

01:31:48: FTP: 331 Password required for ftpuser

01:31:48: FTP: —> PASS cisco123

01:31:48: FTP: 230 Logged on

01:31:48: FTP: —> TYPE I

01:31:49: FTP: 200 Type set to I

01:31:49: FTP: —> PASV!

01:31:49: FTP: 227 Entering Passive Mode (192,168,3,2,221,211)

01:31:49: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:50: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK – 12752928/4096 bytes]

 

12752928 bytes copied in 243.119 secs (52455 bytes/sec)

my_sw1#

01:35:47: FTP: —> QUIT

01:35:47: FTP: 226 Successfully transferred “/c3560-ipservicesk9-mz.122-55.SE5.bin”

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

How FTP client negotiates with the server? (Windows Filezilla example)

Note: make sure you add Filezilla to allowed applications on your Windows Firewall settings!

 

000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000062)26/03/2020 16:06:54 PM – (not logged in) (192.168.3.1)> PASS ********

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> 230 Logged on

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> TYPE I

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> PASV

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,60,93)

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> QUIT

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> disconnected.

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> PASS ********

(000063)26/03/2020 16:06:56 PM – ftpuser (192.168.3.1)> 230 Logged on

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> TYPE I

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> PASV

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,81,52)

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> QUIT

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> disconnected.

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000064)26/03/2020 16:06:59 PM – (not logged in) (192.168.3.1)> PASS ********

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> 230 Logged on

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> TYPE I

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> PASV

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,217,126)

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> QUIT

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> disconnected.

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> PASS ********

(000065)26/03/2020 16:07:01 PM – ftpuser (192.168.3.1)> 230 Logged on

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> TYPE I

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> PASV

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,221,211)

(000065)26/03/2020 16:07:03 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000065)26/03/2020 16:07:03 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000065)26/03/2020 16:11:00 PM – ftpuser (192.168.3.1)> 226 Successfully transferred “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> QUIT

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> disconnected.

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> Connected on port 21, sending welcome message…

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220-FileZilla Server 0.9.60 beta

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220 Please visit https://filezilla-project.org/

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> USER anonymous

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 331 Password required for anonymous

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> PASS ******************

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 230 Logged on

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> SYST

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 215 UNIX emulated by FileZilla

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> PWD

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 257 “/” is current directory.

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> TYPE I

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 200 Type set to I

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> SIZE /

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 550 File not found

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> CWD /

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 250 CWD successful. “/” is current directory.

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> PASV

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 227 Entering Passive Mode (192,168,3,2,170,190)

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> LIST -l

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 150 Opening data channel for directory listing of “/”

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 226 Successfully transferred “/”

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> QUIT

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 221 Goodbye

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> disconnected.

 

No Linux FTP, ouch! tftp vs ftp file transfer negotiation using Windows FTP (Filezilla)

By italchemy

This is a quick note to remind me of the trouble i went through to make Windows FTP to work properly. The pain of not having a Linux FTP server at work!!!!

 

=======================================

MYCOMPANY-SW01#copy tftp:// 192.168.3.2/testfile.txt flash:testfile.txt

Destination filename [testfile.txt]?

Accessing tftp:// 192.168.3.2/testfile.txt…

Loading testfile.txt from 10.77.25.41 (via Vlan50): !

[OK – 97 bytes]

 

97 bytes copied in 0.150 secs (647 bytes/sec)

MYCOMPANY-SW01#show flash:

 

Directory of flash:/

 

2  -rwx          97  Mar 26 2020 03:15:54 +00:00  testfile.txt

3  -rwx        1036  Sep 12 2018 05:02:45 +00:00  vlan.dat

4  -rwx        4199  Mar 25 2020 09:47:34 +00:00  private-config.text

5  -rwx    26534912  Mar 25 2020 09:35:26 +00:00  c2960x-universalk9-mz.152-7.E0a.bin

6  -rwx       16884  Sep 12 2018 04:19:27 +00:00  backup

7  drwx         512  Dec 21 2016 18:05:46 +00:00  c2960x-universalk9-mz.152-2.E5

672  drwx         512  Dec 21 2016 18:05:47 +00:00  dc_profile_dir

675  -rwx        4120  Mar 25 2020 10:18:36 +00:00  multiple-fs

674  -rwx       15515  Mar 25 2020 09:47:34 +00:00  config.text

 

122185728 bytes total (68272128 bytes free)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ftp file transfer:

 

MYCOMPANY-SW01#copy ftp://ftpuser:cisco123@192.168.3.2/testfile.txt flash:testfile.txt

Destination filename [testfile.txt]?

Accessing ftp://*****:*****@ 192.168.3.2/testfile.txt…

Loading testfile.txt

[OK – 97/4096 bytes]

 

97 bytes copied in 6.407 secs (15 bytes/sec)

VEN-NZ-DUN-SW01#show flash:

 

Directory of flash:/

 

2  -rwx          97  Mar 26 2020 04:59:22 +00:00  testfile.txt

3  -rwx        1036  Sep 12 2018 05:02:45 +00:00  vlan.dat

4  -rwx        4199  Mar 25 2020 09:47:34 +00:00  private-config.text

5  -rwx    26534912  Mar 25 2020 09:35:26 +00:00  c2960x-universalk9-mz.152-7.E0a.bin

6  -rwx       16884  Sep 12 2018 04:19:27 +00:00  backup

672  drwx         512  Dec 21 2016 18:05:47 +00:00  dc_profile_dir

675  -rwx        4120  Mar 25 2020 10:18:36 +00:00  multiple-fs

674  -rwx       15515  Mar 25 2020 09:47:34 +00:00  config.text

 

122185728 bytes total (68272128 bytes free)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How FTP client negotiates with the server? (Cisco device example)

 

my_sw1#$ftpuser:cisco123@192.168.3.2/c3560-ipservicesk9-mz.122-55.SE5.bin flas$

Destination filename [c3560-ipservicesk9-mz.122-55.SE5.bin]?

Accessing ftp://ftpuser:cisco123@192.168.3.2/c3560-ipservicesk9-mz.122-55.SE5.bin…

01:31:40: FTP: 220 Please visit https://filezilla-project.org/

01:31:40: FTP: —> USER ftpuser

01:31:40: FTP: 331 Password required for ftpuser

01:31:40: FTP: —> PASS cisco123

01:31:41: FTP: 230 Logged on

01:31:41: FTP: —> TYPE I

01:31:41: FTP: 200 Type set to I

01:31:41: FTP: —> PASV

01:31:42: FTP: 227 Entering Passive Mode (192,168,3,2,60,93)

01:31:42: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:42: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:42: FTP: —> QUIT

01:31:42: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:42: FTP: 220 Please visit https://filezilla-project.org/

01:31:42: FTP: —> USER ftpuser

01:31:43: FTP: 331 Password required for ftpuser

01:31:43: FTP: —> PASS cisco123

01:31:43: FTP: 230 Logged on

01:31:43: FTP: —> TYPE I

01:31:44: FTP: 200 Type set to I

01:31:44: FTP: —> PASV

01:31:44: FTP: 227 Entering Passive Mode (192,168,3,2,81,52)

01:31:44: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:45: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:45: FTP: —> QUIT

01:31:45: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:45: FTP: 220 Please visit https://filezilla-project.org/

01:31:45: FTP: —> USER ftpuser

01:31:45: FTP: 331 Password required for ftpuser

01:31:45: FTP: —> PASS cisco123

01:31:46: FTP: 230 Logged on

01:31:46: FTP: —> TYPE I

01:31:46: FTP: 200 Type set to I

01:31:46: FTP: —> PASV

Loading c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:47: FTP: 227 Entering Passive Mode (192,168,3,2,217,126)

01:31:47: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:47: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”

01:31:47: FTP: —> QUIT

01:31:47: FTP: 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.b                                                                               in”

01:31:47: FTP: 220 Please visit https://filezilla-project.org/

01:31:47: FTP: —> USER ftpuser

01:31:48: FTP: 331 Password required for ftpuser

01:31:48: FTP: —> PASS cisco123

01:31:48: FTP: 230 Logged on

01:31:48: FTP: —> TYPE I

01:31:49: FTP: 200 Type set to I

01:31:49: FTP: —> PASV!

01:31:49: FTP: 227 Entering Passive Mode (192,168,3,2,221,211)

01:31:49: FTP: —> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

01:31:50: FTP: 150 Opening data channel for file download from server of “/c3560-ipservicesk9-                                                                               mz.122-55.SE5.bin”!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK – 12752928/4096 bytes]

 

12752928 bytes copied in 243.119 secs (52455 bytes/sec)

my_sw1#

01:35:47: FTP: —> QUIT

01:35:47: FTP: 226 Successfully transferred “/c3560-ipservicesk9-mz.122-55.SE5.bin”

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~

How FTP client negotiates with the server? (Windows Filezilla example)

Note: make sure you add Filezilla to allowed applications on your Windows Firewall settings!

 

000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000062)26/03/2020 16:06:53 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000062)26/03/2020 16:06:54 PM – (not logged in) (192.168.3.1)> PASS ********

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> 230 Logged on

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> TYPE I

(000062)26/03/2020 16:06:54 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> PASV

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,60,93)

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> QUIT

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000062)26/03/2020 16:06:55 PM – ftpuser (192.168.3.1)> disconnected.

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000063)26/03/2020 16:06:55 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000063)26/03/2020 16:06:56 PM – (not logged in) (192.168.3.1)> PASS ********

(000063)26/03/2020 16:06:56 PM – ftpuser (192.168.3.1)> 230 Logged on

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> TYPE I

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> PASV

(000063)26/03/2020 16:06:57 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,81,52)

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> QUIT

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000063)26/03/2020 16:06:58 PM – ftpuser (192.168.3.1)> disconnected.

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000064)26/03/2020 16:06:58 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000064)26/03/2020 16:06:59 PM – (not logged in) (192.168.3.1)> PASS ********

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> 230 Logged on

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> TYPE I

(000064)26/03/2020 16:06:59 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> PASV

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,217,126)

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 426 Connection closed; aborted transfer of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> QUIT

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000064)26/03/2020 16:07:00 PM – ftpuser (192.168.3.1)> disconnected.

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> Connected on port 21, sending welcome message…

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220-FileZilla Server 0.9.60 beta

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000065)26/03/2020 16:07:00 PM – (not logged in) (192.168.3.1)> 220 Please visit https://filezilla-project.org/

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> USER ftpuser

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> 331 Password required for ftpuser

(000065)26/03/2020 16:07:01 PM – (not logged in) (192.168.3.1)> PASS ********

(000065)26/03/2020 16:07:01 PM – ftpuser (192.168.3.1)> 230 Logged on

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> TYPE I

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> 200 Type set to I

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> PASV

(000065)26/03/2020 16:07:02 PM – ftpuser (192.168.3.1)> 227 Entering Passive Mode (192,168,3,2,221,211)

(000065)26/03/2020 16:07:03 PM – ftpuser (192.168.3.1)> RETR c3560-ipservicesk9-mz.122-55.SE5.bin

(000065)26/03/2020 16:07:03 PM – ftpuser (192.168.3.1)> 150 Opening data channel for file download from server of “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000065)26/03/2020 16:11:00 PM – ftpuser (192.168.3.1)> 226 Successfully transferred “/c3560-ipservicesk9-mz.122-55.SE5.bin”

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> QUIT

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> 221 Goodbye

(000065)26/03/2020 16:11:01 PM – ftpuser (192.168.3.1)> disconnected.

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> Connected on port 21, sending welcome message…

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220-FileZilla Server 0.9.60 beta

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220-written by Tim Kosse (tim.kosse@filezilla-project.org)

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 220 Please visit https://filezilla-project.org/

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> USER anonymous

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> 331 Password required for anonymous

(000066)26/03/2020 16:41:05 PM – (not logged in) (192.168.3.2)> PASS ******************

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 230 Logged on

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> SYST

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 215 UNIX emulated by FileZilla

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> PWD

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 257 “/” is current directory.

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> TYPE I

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 200 Type set to I

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> SIZE /

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 550 File not found

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> CWD /

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 250 CWD successful. “/” is current directory.

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> PASV

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 227 Entering Passive Mode (192,168,3,2,170,190)

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> LIST -l

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 150 Opening data channel for directory listing of “/”

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 226 Successfully transferred “/”

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> QUIT

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> 221 Goodbye

(000066)26/03/2020 16:41:05 PM – anonymous (192.168.3.2)> disconnected.

 

Cisco PCD SFTP Username

By Administrator

Cisco PCD SFTP Username

Are you doing Migration or Installation or Upgrade using Prime Collaboration Deployment Tool which requires you to select COP files or ISO files? The ISO or COP files has to be placed in Cisco PCD Server before you create the task. You can use WinSCP client to upload the files to the Server.

The Username for SFTP will be “adminsftp” and the password will be PCD OS Administration Password.

The ISO/COP files will be in the below mentioned Directories.

For Migration > ISO files should be copied into /fresh_install directory.

For Upgrade > ISO files or COP files has to be copied into /upgrade directory

Hope this helps!!

Published by Team UC Collabing

The post Cisco PCD SFTP Username appeared first on UC Collabing.

Running Docker FTP server for IOS upgrade – a working test run~!

By italchemy

Docker FTP server on Ubuntu 18 server:

Prerequsite: Install docker on Ubuntu 18 server

Then pull the image from Docker/hub
$ docker pull gspeedy101/pynet-ftp:0.1
Pull “pynet-ftp latest 8c2ae1c4ea04 3 days ago 175MB” image from Docker/hub

Run docker FTP server with a full command as below.

User ID is ftp

Password is ftpftpftp

Target file to copy. I have mapped the /tmp directory on the host Ubuntu server to /home/vsftpd of the Docker FTP Container.

root@ubuntu:/tmp# ls /tmp/test*
/tmp/testfile1.txt

 

The most important command!!!
root@ubuntu:~# docker run -d -v /tmp:/home/vsftpd -p 20:20 -p 21:21 -p 47400-47470:47400-47470 -e FTP_USER=ftp -e FTP_PASS=ftpftpftp -e PASV_ADDRESS=192.168.185.3 pynet-ftp:latest

 

The second most important command:
Run the copy ftp command from your router or switch:

PytMelCT1-Sw02#copy ftp://ftp:ftpftpftp@192.168.185.3/testfile1.txt flash:/testfile1.txt flash:/testfile1.txt
Destination filename [testfile1.txt]?
Accessing ftp://ftp:ftpftpftp@192.168.185.3/testfile1.txt…
Loading testfile1.txt
[OK – 31/4096 bytes]

31 bytes copied in 0.067 secs (463 bytes/sec)
As you can see testfile1.txt has been downloaded to switch flash:

PytMelCT1-Sw02#show flash

Directory of flash:/

2 -rwx 556 Mar 1 1993 00:01:16 +00:00 vlan.dat
3 -rwx 12749374 Mar 2 1993 01:54:15 +00:00 c3560-ipservicesk9-mz.122-55.SE10.bin
4 -rwx 12752928 Mar 1 1993 00:20:25 +00:00 c3560-ipservicesk9-mz.122-55.SE5.bin
5 -rwx 5986 Sep 11 2015 05:47:18 +00:00 config.old
6 -rwx 31 Mar 1 1993 01:37:37 +00:00 testfile1.txt
7 -rwx 1768 Mar 1 1993 01:27:56 +00:00 config.text
8 -rwx 2967 Mar 1 1993 01:27:56 +00:00 private-config.text
9 -rwx 2072 Mar 2 1993 01:56:57 +00:00 multiple-fs

32514048 bytes total (6993920 bytes free)

Checking the downloaded file
PytMelCT1-Sw02#more testfile1.txt
dkdkdkg
d
skdkdkdkd
blabla
bla

PytMelCT1-Sw02#

Running Docker FTP server for IOS upgrade – a working test run~!

By italchemy

Docker FTP server on Ubuntu 18 server:

Prerequsite: Install docker on Ubuntu 18 server

Then pull the image from Docker/hub
$ docker pull gspeedy101/pynet-ftp:0.1
Pull “pynet-ftp latest 8c2ae1c4ea04 3 days ago 175MB” image from Docker/hub

Run docker FTP server with a full command as below.

User ID is ftp

Password is ftpftpftp

Target file to copy. I have mapped the /tmp directory on the host Ubuntu server to /home/vsftpd of the Docker FTP Container.

root@ubuntu:/tmp# ls /tmp/test*
/tmp/testfile1.txt

 

The most important command!!!
root@ubuntu:~# docker run -d -v /tmp:/home/vsftpd -p 20:20 -p 21:21 -p 47400-47470:47400-47470 -e FTP_USER=ftp -e FTP_PASS=ftpftpftp -e PASV_ADDRESS=192.168.185.3 pynet-ftp:latest

 

The second most important command:
Run the copy ftp command from your router or switch:

PytMelCT1-Sw02#copy ftp://ftp:ftpftpftp@192.168.185.3/testfile1.txt flash:/testfile1.txt flash:/testfile1.txt
Destination filename [testfile1.txt]?
Accessing ftp://ftp:ftpftpftp@192.168.185.3/testfile1.txt…
Loading testfile1.txt
[OK – 31/4096 bytes]

31 bytes copied in 0.067 secs (463 bytes/sec)
As you can see testfile1.txt has been downloaded to switch flash:

PytMelCT1-Sw02#show flash

Directory of flash:/

2 -rwx 556 Mar 1 1993 00:01:16 +00:00 vlan.dat
3 -rwx 12749374 Mar 2 1993 01:54:15 +00:00 c3560-ipservicesk9-mz.122-55.SE10.bin
4 -rwx 12752928 Mar 1 1993 00:20:25 +00:00 c3560-ipservicesk9-mz.122-55.SE5.bin
5 -rwx 5986 Sep 11 2015 05:47:18 +00:00 config.old
6 -rwx 31 Mar 1 1993 01:37:37 +00:00 testfile1.txt
7 -rwx 1768 Mar 1 1993 01:27:56 +00:00 config.text
8 -rwx 2967 Mar 1 1993 01:27:56 +00:00 private-config.text
9 -rwx 2072 Mar 2 1993 01:56:57 +00:00 multiple-fs

32514048 bytes total (6993920 bytes free)

Checking the downloaded file
PytMelCT1-Sw02#more testfile1.txt
dkdkdkg
d
skdkdkdkd
blabla
bla

PytMelCT1-Sw02#

Install FTP on CentOS8

By italchemy

 

 

Step 1: Install vsftpd and ftp

 

[root@Ansible-S1 ~]# yum install vsftpd ftp

Last metadata expiration check: 0:01:15 ago on Wed 13 Nov 2019 06:05:25 PM EST.

Dependencies resolved.

================================================================================

Package         Arch            Version               Repository          Size

================================================================================

Installing:

ftp             x86_64          0.17-78.el8           AppStream           70 k

vsftpd          x86_64          3.0.3-28.el8          AppStream          180 k

 

Transaction Summary

================================================================================

Install  2 Packages

 

Total download size: 250 k

Installed size: 472 k

Is this ok [y/N]: y

Downloading Packages:

(1/2): ftp-0.17-78.el8.x86_64.rpm               500 kB/s |  70 kB     00:00

(2/2): vsftpd-3.0.3-28.el8.x86_64.rpm           1.1 MB/s | 180 kB     00:00

——————————————————————————–

Total                                           286 kB/s | 250 kB     00:00

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing        :                                                        1/1

Installing       : vsftpd-3.0.3-28.el8.x86_64                             1/2

Running scriptlet: vsftpd-3.0.3-28.el8.x86_64                             1/2

Installing       : ftp-0.17-78.el8.x86_64                                 2/2

Running scriptlet: ftp-0.17-78.el8.x86_64                                 2/2

Verifying        : ftp-0.17-78.el8.x86_64                                 1/2

Verifying        : vsftpd-3.0.3-28.el8.x86_64                             2/2

 

Installed:

ftp-0.17-78.el8.x86_64               vsftpd-3.0.3-28.el8.x86_64

 

Complete!

 

 

Step 2: Enable ftp on firewall

 

[root@Ansible-S1 ~]# firewall-cmd –permanent –zone=public –add-service=ftp

success

[root@Ansible-S1 ~]# firewall-cmd –reload

success

 

 

Step 3: Enable, start and check status of vsftpd services

 

[root@Ansible-S1 ~]# systemctl enable vsftpd.service

Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service ? /usr/lib/systemd/system/vsftpd.service.

[root@Ansible-S1 ~]# systemctl start vsftpd.service

[root@Ansible-S1 ~]# systemctl status vsftpd.service

? vsftpd.service – Vsftpd ftp daemon

Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor pres>

Active: active (running) since Wed 2019-11-13 18:10:05 EST; 2s ago

Process: 13690 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exite>

Main PID: 13691 (vsftpd)

Tasks: 1 (limit: 11363)

Memory: 552.0K

CGroup: /system.slice/vsftpd.service

+-13691 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

 

Nov 13 18:10:04 Ansible-S1 systemd[1]: Starting Vsftpd ftp daemon…

Nov 13 18:10:05 Ansible-S1 systemd[1]: Started Vsftpd ftp daemon.

 

Install FTP on CentOS8

By italchemy

 

 

Step 1: Install vsftpd and ftp

 

[root@Ansible-S1 ~]# yum install vsftpd ftp

Last metadata expiration check: 0:01:15 ago on Wed 13 Nov 2019 06:05:25 PM EST.

Dependencies resolved.

================================================================================

Package         Arch            Version               Repository          Size

================================================================================

Installing:

ftp             x86_64          0.17-78.el8           AppStream           70 k

vsftpd          x86_64          3.0.3-28.el8          AppStream          180 k

 

Transaction Summary

================================================================================

Install  2 Packages

 

Total download size: 250 k

Installed size: 472 k

Is this ok [y/N]: y

Downloading Packages:

(1/2): ftp-0.17-78.el8.x86_64.rpm               500 kB/s |  70 kB     00:00

(2/2): vsftpd-3.0.3-28.el8.x86_64.rpm           1.1 MB/s | 180 kB     00:00

——————————————————————————–

Total                                           286 kB/s | 250 kB     00:00

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction

Preparing        :                                                        1/1

Installing       : vsftpd-3.0.3-28.el8.x86_64                             1/2

Running scriptlet: vsftpd-3.0.3-28.el8.x86_64                             1/2

Installing       : ftp-0.17-78.el8.x86_64                                 2/2

Running scriptlet: ftp-0.17-78.el8.x86_64                                 2/2

Verifying        : ftp-0.17-78.el8.x86_64                                 1/2

Verifying        : vsftpd-3.0.3-28.el8.x86_64                             2/2

 

Installed:

ftp-0.17-78.el8.x86_64               vsftpd-3.0.3-28.el8.x86_64

 

Complete!

 

 

Step 2: Enable ftp on firewall

 

[root@Ansible-S1 ~]# firewall-cmd –permanent –zone=public –add-service=ftp

success

[root@Ansible-S1 ~]# firewall-cmd –reload

success

 

 

Step 3: Enable, start and check status of vsftpd services

 

[root@Ansible-S1 ~]# systemctl enable vsftpd.service

Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service ? /usr/lib/systemd/system/vsftpd.service.

[root@Ansible-S1 ~]# systemctl start vsftpd.service

[root@Ansible-S1 ~]# systemctl status vsftpd.service

? vsftpd.service – Vsftpd ftp daemon

Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor pres>

Active: active (running) since Wed 2019-11-13 18:10:05 EST; 2s ago

Process: 13690 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exite>

Main PID: 13691 (vsftpd)

Tasks: 1 (limit: 11363)

Memory: 552.0K

CGroup: /system.slice/vsftpd.service

+-13691 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

 

Nov 13 18:10:04 Ansible-S1 systemd[1]: Starting Vsftpd ftp daemon…

Nov 13 18:10:05 Ansible-S1 systemd[1]: Started Vsftpd ftp daemon.

 

VentraIP using SCP for file transfers

Okay, this turned out to be a bit of a bitch.


I have a hosting account with VentraIP, recently VentraIP did some upgrades on their front end and as a result a feauture that I always used did no longer work:

FTP to and from my own hosting partition. after some mucking around I got file transfer to work with scp. here is how:

1-log onto your VIP control panel and got to MY services > Hosting > Manage :




2-Go to Configuration > SSH access and whitelist your own IP address (use www.ipchicken to find out),  now please note this whitelist only lasts 28 days, so you have to keep redoing it.  Also note Ventra allows a non standard port of 2683 




The username, can also be found in the cpanel under Special FTP accounts.

I have used WinSCP to connect to my ventraIP hosting partition, using the details as depeicted above. 


Anyone have any new insights on how to achieve this: please drop me a line

How to download list of SEP.cnf.xml files in CUCM?

By Avinash Karnani

How to download list of SEP.cnf.xml files in CUCM?

uccollabing.com

How to find and download list of SEP<MAC>.cnf.xml files from CUCM?

I am sure most of you are aware of Cisco IP Phone Registration Process, however i am going to post the Registration process in next post. As of now let’s see how to download XMLDefault.cnf.xml or SEP<MAC>.cnf.xml from Cisco Unified Communications Manager TFTP?

When you connect a new IP Phone which was never registered to Cisco Unified Communications Manager and auto-registration is enabled, it will use a file called as  XMLDefault.cnf.xml. Cisco IP phones  will download this XML file via TFTP, will learn the IP address and Port to send SCCP (Skinny Client Control Protocol) messages when attempting to register. The Cisco IP Phone will also learn firmware version that is required to function properly with the Cisco Unified Communications.

If you are connecting a Cisco IP Phone that was already registered in CUCM, then the phone contacts the TFTP server and requests TFTP Server to provide IP Phone’s configuration file. This time it will not look for XMLDefault.cnf.xml file. Since the IP Phone was already configured and registered earlier, it will look for the config file which is based on the unique Mac-Address. The file will be in the format SEP<mac_address>.cnf.xml which is created by CUCM and uploaded to TFTP Server whenever the administrator creates or modifies the Cisco IP Phone.

How to download the file “SEP<mac_address>.cnf.xml” from Cisco Unified Communications Manager?

There are two ways through which you can download the configuration xml file.

Via Web-Interface

  • Launch your favorite browser.
  • Replace X.X.X.X with your CUCM TFTP Address and open page >     http://xxx.xxx.xxx.xxx:6970/ConfigFileCacheList.txt.
    This will give you all the list of cnf.xml files stored in your TFTP Server.uccollabing.com
  • If you would like to search for a specific Mac-Address > Enter     http://xxx.xxx.xxx.xxx:6970/SEP<mac_address>.cnf.xml
    All you need to do is replace <mac_address> with your actual mac-address and hit enter. You should be able see the configuration on your browser.uccollabing.com

Via Windows Command Line

  • Go to Run > Type CMD and hit enter
  • Type CD\ and hit enter
  • Type tftp -i X.X.X.X  get mac_address.cnf.xml and hit enter
    Replace X.X.X.X with your TFTP IP Address and mac-address with your Mac-Address and hit enter
  • You should be able to see the configuration file SEP<mac_address>.cnf.xml in C:\ Driveuccollabing.com

Hope this helps!

Published by Team UC Collabing

The post How to download list of SEP.cnf.xml files in CUCM? appeared first on UC Collabing.

DRF Backup or Restore Failure CUCM or CUC

By Avinash Karnani

DRF Backup or Restore Failure CUCM or CUC

You may at times receive an error “109-Unable to transfer the tar file over SFTP channel as currently configured SFTP server does not support output stream” while taking Backup or Restore in Cisco Unified Communication Manager or Cisco Unity Connection. If so, refer to the below recommendations.

  1. Ensure that you are using a good SFTP application like Titan or Cygwin while works great as a SFTP Application.
  2. Ensure that there are no network issues between the SFTP Server and Cisco Unified Communication Manager/Cisco Unity Connection.  If there are any network issues which is not fixed, the error will be seen again and again.
  3. If there are no network issues between SFTP Server and CUCM/CUC and you are also using an application like Titan or Cygwin then, re-run the backup/restore whenever fails. Sometimes re-running the backup/restore may succeed if it was an intermittent issue earlier.

Hope this helps!!

Published by Team UC Collabing

The post DRF Backup or Restore Failure CUCM or CUC appeared first on UC Collabing.

Cisco CUCM or CUC DRS SFTP Backup Failed

By Avinash Karnani

Cisco CUCM or CUC DRS SFTP Backup Failed

We know that taking backup regularly is very important and can be used to restore the data when Cisco Unified Communication Manager or Cisco Unity Connection fails to work or rebuild is required. So, we need to ensure that the backup is 100% completed and successful.

But sometimes, we may encounter errors while taking backup such as “ERROR: SFTP transfer failed as backup size was not increasing for the past 15 minutes. Either there is not enough disk space or network transfer rate is too slow with the configured SFTP Server. Please either free some space on SFTP“.

Example – Suppose you have a backup of Cisco Unified Communication Manager or Cisco Unity Connection. The data to be backed up is 15 GB. The tool will fail to take backup when the file size reaches 1 GB

To avoid this, you need to install some other SFTP applications like Cygwin or Titan FTP. The application works great and it will help to create the backup successful.

Hope this helps!!

Published by Team UC Collabing

The post Cisco CUCM or CUC DRS SFTP Backup Failed appeared first on UC Collabing.

3. Install and configure TFTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Install, enable and start firewalld

sudo yum install firewalld

sudo systemctl enable firewalld <<<starts up firewall when system boots up

sudo systemctl start firewalld

 

Step 2: Punch a hole in firewalld to allow TFTP traffic.

 

firewall-cmd –permanent –zone=public –add-service=tftp

firewall-cmd –reload

iptables -I INPUT -p udp –dport 69 -j ACCEPT

 

Step 3: Install, enable and start TFTP server and client

sudo yum install xinetd tftp-server tftp

sudo systemctl enable xinetd tftp <<<starts up automatically on system boot-up

sudo systemctl start xinetd tftp

 

Step 4: We don’t want TFTP user to have root user permission. So let’s create a system account called tftpuser with no home directory and no login capability.

sudo useradd –no-create-home –s /sbin/nologin tftpuser

 

Step 4: Create a directory for TFTP Server use.

sudo mkdir –p /tftpdata

sudo chmod 777 /tftpdata

nano /tftpdata/demo1.txt

chown tftpuser:tftpuser –R /tftpdata

 

 

Step 5: Configure TFTP service using the following settings.

 

nano /etc/xinetd.d/tftp

222

Server_args notes:

-c = allows clients to connect and create files on the directory

-s = automatically change directory when client connect to TFTP server, to a specific directory in the configure file such as /tftpdata. A security feature.

-u = specifies the user as the owner of the directory /tftpdata

-p = Perform no additional permissions check

-U = Set-up Umask setting when client creates or pushes a new file

-v = Print some logging verbose when client connect to TFTP server.

 

Step 6: Edit file system start service for TFTP. Update [Service] > ‘ExecStart’line as below:

sudo nano /usr/lib/systemd/system/tftp.service

 

 

[Unit]

Description=Tftp Server

Requires=tftp.socket

Documentation=man:in.tftpd

 

[Service]

ExecStart=/usr/sbin/in.tftpd -c -v -u tftp -p -U 117 -s /tftpdata

StandardInput=socket

 

[Install]

Also=tftp.socket

 

Step 7: Reload the system daemon & TFTP services

 

sudo systemctl daemon-reload

sudo systemctl start xinetd

sudo systemctl enable xinetd

sudo systemctl start tftp

sudo systemctl enable tftp

 

 

Step 8: Check UDP port 69 is in listening mode

https://www.tecmint.com/20-netstat-commands-for-linux-network-management/

 

netstat -na | grep udp6

111

 

Use ‘netstat –lu’ for all UDP listening ports/services

222

Use ‘netstat –ap | grep tftp’ to check the service.

333

 

Check that firewall is allowing udp port 69.

netstat -tupan

netstat –tupan | grep 69

111

 

Step 9: Check connection and download a demo.txt file. Using another server/router/switch. Download a demo.txt from TFTP server.

 

  1. On TFTP server (192.168.47.135), create demo.txt file under tftpdata directory.

 

nano /tftpdata/demo.txt

222

 

  1. On another Linux host (IP: 192.168.47.131), download demo.txt file.

 

tftp 192.168.47.135

get demo.txt

 

333

 

Now verification has been completed and you have a working TFTP server.

2. Install and configure SFTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Create a SFTP user with password

sudo adduser sftpuser

sudo passwd password

 

Step 2: Create Directory for File Transfer

 

  1. sudo mkdir –p /var/sftp/sftpdata

 

[root@localhost /]# find . -name “sftpdata”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/sftp/sftpdata

 

  1. Make the root user as the owner of this directory.

sudo chown root:root /var/sftp

 

  1. Grant write permission to the root user and read permission to other users.

sudo chmod 755 /var/sftp

 

  1. Modify the owner of sftpdata to be the user access.

sudo chown sftpdata:sftpdata /var/sftp/sftpdata

 

Step 3: Restrict Directory Access

 

  1. open sshd_config file

 

sudo nano /etc/ssh/sshd_config

 

  1. Add the following to the end of the file.

Match User sftpuser

ForceCommand internal-sftp

PasswordAuthentication yes

ChrootDirectory /var/sftp

PermitTunnel no

AllowAgentForwarding no

AllowTcpForwarding no

X11Forwarding no

 

  1. Restart sshd to apply change

sudo systemctl restart sshd

 

Step 4: Verification via SSH connection

 

ssh sftpuser@192.168.47.135

 

The SSH connection gets closed as expected.

333

 

sftp sftpuser@192.168.47.135

You can connect via sftp and now download and manage files as below.

111

Now the ssh access has been restricted successfully and the sftpuser can only upload and manage his/her file via SFTP only.

1. Install and configure FTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Install vsftpd (very secure FTP daemon) package.

yum install -y vsftpd ftp

 

Step 2: Enable FTP on firewall

firewall-cmd –permanent –zone=public –add-service=ftp
firewall-cmd –reload

 

Step 3: to automatically start FTP Server when server powers on.

  1. enable vsftpd service.

systemctl enable vsftpd.service

2. Checking the status of ftp server

systemctl status vsftpd.service

 

Step 4: Configure vsftpd package. Edit /etc/vsftpd/vsftpd.conf

nano /etc/vsftpd/vsftpd.conf

 

  1. Change the line which contain anonymous_enable=NO to anonymous_enable=YES. This will give permit any one to access FTP server with authentication. If this setting is changed to ‘NO’, then users must use their login and password to access files from their home directory. [Note: For our use, I am keeping this setting as YES, so each user has to log in access their own files]
  2. local_enable=YES
    c. write_enable=YES
  3. Add the following to the end of the file.

#ADDED BY BC

allow_writeable_chroot=YES

pasv_enable=Yes

pasv_min_port=40000

pasv_max_port=40100

 

Step 5: Start FTP Server
systemctl start vsftpd.service

 

Step 6: Verification. Create a file under ‘var/ftp/pub’. Use a web browser to access the file.

[root@localhost /]# find . -name “pub”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/ftp/pub

[root@localhost /]# cd var/ftp/pub

[root@localhost pub]# nano ftppubfile1.txt

 

If anonymous_enable=YES, ./var/ftp/pub Directory will be used.

111

If anonymous_enable=NO, users have to login with their credentials to access files.

222

3. Install and configure TFTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Install, enable and start firewalld

sudo yum install firewalld

sudo systemctl enable firewalld <<<starts up firewall when system boots up

sudo systemctl start firewalld

 

Step 2: Punch a hole in firewalld to allow TFTP traffic.

 

firewall-cmd –permanent –zone=public –add-service=tftp

firewall-cmd –reload

iptables -I INPUT -p udp –dport 69 -j ACCEPT

 

Step 3: Install, enable and start TFTP server and client

sudo yum install xinetd tftp-server tftp

sudo systemctl enable xinetd tftp <<<starts up automatically on system boot-up

sudo systemctl start xinetd tftp

 

Step 4: We don’t want TFTP user to have root user permission. So let’s create a system account called tftpuser with no home directory and no login capability.

sudo useradd –no-create-home –s /sbin/nologin tftpuser

 

Step 4: Create a directory for TFTP Server use.

sudo mkdir –p /tftpdata

sudo chmod 777 /tftpdata

nano /tftpdata/demo1.txt

chown tftpuser:tftpuser –R /tftpdata

 

 

Step 5: Configure TFTP service using the following settings.

 

nano /etc/xinetd.d/tftp

222

Server_args notes:

-c = allows clients to connect and create files on the directory

-s = automatically change directory when client connect to TFTP server, to a specific directory in the configure file such as /tftpdata. A security feature.

-u = specifies the user as the owner of the directory /tftpdata

-p = Perform no additional permissions check

-U = Set-up Umask setting when client creates or pushes a new file

-v = Print some logging verbose when client connect to TFTP server.

 

Step 6: Edit file system start service for TFTP. Update [Service] > ‘ExecStart’line as below:

sudo nano /usr/lib/systemd/system/tftp.service

 

 

[Unit]

Description=Tftp Server

Requires=tftp.socket

Documentation=man:in.tftpd

 

[Service]

ExecStart=/usr/sbin/in.tftpd -c -v -u tftp -p -U 117 -s /tftpdata

StandardInput=socket

 

[Install]

Also=tftp.socket

 

Step 7: Reload the system daemon & TFTP services

 

sudo systemctl daemon-reload

sudo systemctl start xinetd

sudo systemctl enable xinetd

sudo systemctl start tftp

sudo systemctl enable tftp

 

 

Step 8: Check UDP port 69 is in listening mode

https://www.tecmint.com/20-netstat-commands-for-linux-network-management/

 

netstat -na | grep udp6

111

 

Use ‘netstat –lu’ for all UDP listening ports/services

222

Use ‘netstat –ap | grep tftp’ to check the service.

333

 

Check that firewall is allowing udp port 69.

netstat -tupan

netstat –tupan | grep 69

111

 

Step 9: Check connection and download a demo.txt file. Using another server/router/switch. Download a demo.txt from TFTP server.

 

  1. On TFTP server (192.168.47.135), create demo.txt file under tftpdata directory.

 

nano /tftpdata/demo.txt

222

 

  1. On another Linux host (IP: 192.168.47.131), download demo.txt file.

 

tftp 192.168.47.135

get demo.txt

 

333

 

Now verification has been completed and you have a working TFTP server.

2. Install and configure SFTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Create a SFTP user with password

sudo adduser sftpuser

sudo passwd password

 

Step 2: Create Directory for File Transfer

 

  1. sudo mkdir –p /var/sftp/sftpdata

 

[root@localhost /]# find . -name “sftpdata”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/sftp/sftpdata

 

  1. Make the root user as the owner of this directory.

sudo chown root:root /var/sftp

 

  1. Grant write permission to the root user and read permission to other users.

sudo chmod 755 /var/sftp

 

  1. Modify the owner of sftpdata to be the user access.

sudo chown sftpdata:sftpdata /var/sftp/sftpdata

 

Step 3: Restrict Directory Access

 

  1. open sshd_config file

 

sudo nano /etc/ssh/sshd_config

 

  1. Add the following to the end of the file.

Match User sftpuser

ForceCommand internal-sftp

PasswordAuthentication yes

ChrootDirectory /var/sftp

PermitTunnel no

AllowAgentForwarding no

AllowTcpForwarding no

X11Forwarding no

 

  1. Restart sshd to apply change

sudo systemctl restart sshd

 

Step 4: Verification via SSH connection

 

ssh sftpuser@192.168.47.135

 

The SSH connection gets closed as expected.

333

 

sftp sftpuser@192.168.47.135

You can connect via sftp and now download and manage files as below.

111

Now the ssh access has been restricted successfully and the sftpuser can only upload and manage his/her file via SFTP only.

1. Install and configure FTP server in Red Hat/Centos 7.5 Linux

By italchemy

Step 1: Install vsftpd (very secure FTP daemon) package.

yum install -y vsftpd ftp

 

Step 2: Enable FTP on firewall

firewall-cmd –permanent –zone=public –add-service=ftp
firewall-cmd –reload

 

Step 3: to automatically start FTP Server when server powers on.

  1. enable vsftpd service.

systemctl enable vsftpd.service

2. Checking the status of ftp server

systemctl status vsftpd.service

 

Step 4: Configure vsftpd package. Edit /etc/vsftpd/vsftpd.conf

nano /etc/vsftpd/vsftpd.conf

 

  1. Change the line which contain anonymous_enable=NO to anonymous_enable=YES. This will give permit any one to access FTP server with authentication. If this setting is changed to ‘NO’, then users must use their login and password to access files from their home directory. [Note: For our use, I am keeping this setting as YES, so each user has to log in access their own files]
  2. local_enable=YES
    c. write_enable=YES
  3. Add the following to the end of the file.

#ADDED BY BC

allow_writeable_chroot=YES

pasv_enable=Yes

pasv_min_port=40000

pasv_max_port=40100

 

Step 5: Start FTP Server
systemctl start vsftpd.service

 

Step 6: Verification. Create a file under ‘var/ftp/pub’. Use a web browser to access the file.

[root@localhost /]# find . -name “pub”

find: ‘./run/user/1000/gvfs’: Permission denied

./var/ftp/pub

[root@localhost /]# cd var/ftp/pub

[root@localhost pub]# nano ftppubfile1.txt

 

If anonymous_enable=YES, ./var/ftp/pub Directory will be used.

111

If anonymous_enable=NO, users have to login with their credentials to access files.

222

❌