Using Ubuntu Linux as an SFTP Server
Our telephone system is run by a Cisco BE6000M. This device is a VMware server with a total of 5 VMs. One of the VMs hosts Cisco Unified Communications Manager (CUCM) and another VM hosts Cisco Unity Connection (CUC). The other VMs provide various support functions.
Any backup strategy for CUCM and CUC had to take into consideration the following:
- CUCM and CUC use SFTP for their backup processes
- Our corporate backup solution will only back up Windows servers. It has no capability to back up Ubuntu servers
- Whatever backups we took from the BE6000 had to, in the end, reside on one of our Windows file servers so that they can be moved offsite to cloud storage as part of our nightly backup routines.
Possible Solution #1: Add an SFTP server to one of the Windows servers that was part of our corporate backup cycle.
I started down this track and quickly found a few blocking factors:
- SFTP is not FTPS. They are two different protocols
- SFTP is not natively supported on Windows IIS. In order to add SFTP to a Windows server, you can choose from among open source and proprietary solutions. I looked at each of these solutions and found that they are long and complex implementations. In addition, some cost more than we were willing to pay and some were free but very limited in what they could do.
Possible Solution #2: Use SFTP and SMB on an Ubuntu server
This is the solution that I chose to use. The remainder of this article details how this solution was implemented and put into production.
I put together the following tools to implement this solution:
- An older but very capable Intel-based system
- The latest release of Ubuntu Server downloaded from here
- Webmin, which is a set of browser-based tools to administer Ubuntu from a GUI (more information about Webmin is here)
- A Windows 2016 server on our corporate domain
- FileZilla for Windows to test the SFTP connection on the Ubuntu Server
- PuTTY for SSH access to the Ubuntu TTY console
I also knew that I could rely on the Samba (CIFS) capabilities of Ubuntu to allow the Ubuntu server to access a Windows server file system.
One skill you will need to complete this process is using the vi or vim editor to modify some system configuration files.
Step 1: Install and Configure Ubuntu Server
I won’t go into detail here about how this is done because there are many detailed articles that cover this subject. An excellent one is here. As part of the installation process, I selected the OpenSSH server and standard system utilities to be installed. I did not install the Samba File Server. A few other points / tips are worth mentioning here:
- I always download the latest iso image for Ubuntu Server from here. I prepare an installation CD that contains this iso using a Windows utility called ImgBurn.
- I always use the latest LTS (long term support) version since this will be a production server that is on our network.
- I connect a keyboard, mouse and monitor to the hardware that will be used during the installation. Since the system physically resides in a locked, “lights out” computer room, I use SSH (via PuTTY) for all access to the console after the initial installation. (I never install GNOME or another GUI as part of server installations.) I remove the keyboard, monitor and mouse after I can successfully connect to the server with PuTTY.
- I always make sure the system I am building is physically connected to a network. This enables Ubuntu to discover and configure a network interface and configure the /etc/network/interfaces file for a dynamic IP address if a DHCP server is located.
The Ubuntu installation process is pretty self-directed and will require a few confirmations and selections from you, so don’t walk away for too long during the process.
After the installation process is completed, there are two tasks I do before I disconnect the keyboard/monitor/mouse and turn off the lights:
Task 1: Because this is a server, I give it a fixed IP address. During the installation process, if Ubuntu discovers a DHCP server, it will assume that the DHCP server will be used to assign an IP address. Our policy is that servers always have a fixed IP address, so after the installation, I had to modify the network configuration file (/etc/network/interfaces).
In the interest of efficiency, here is a copy of the file that is currently in production:
    # This is file: /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto enp5s0

    # *** The following line was created during installation. It was commented
    # *** and replaced
    # iface enp5s0 inet dhcp

    # *** The following lines were inserted to apply a static ip address to the
    # interface that was originally assigned a dynamic address
    iface enp5s0 inet static
        address 192.168.1.15
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        dns-nameservers 192.168.1.16 220.127.116.11
        # if your system is part of a domain, replace mydomain with the name of your domain
        dns-domain mydomain.org

I reboot after I make these changes. At this point, I have a functioning Ubuntu server with a static IP address. A quick comment on domains: because we will be accessing the Windows file system from the Ubuntu file system, it is important that both systems are on the same domain. Specifying the domain is the function of the last line in the previous listing.
Task 2: The last task I do before I turn off the lights and close the door is to verify that I can log in via PuTTY / SSH using the admin UserID and password specified during the installation. Once I can do that, I can lock the computer room and turn off the lights. From now on, all access to this system is via SSH.
Step 2: Install Webmin and Administer the Server
The best solution that I have found for doing most of the day-to-day administration tasks that an Ubuntu server requires is a tool called Webmin. Webmin has become part of my standard toolkit whenever I generate an Ubuntu server.
After Webmin is installed, I can do most of the rest (not all) of what I need through the Webmin application.
Step 3: Create the users that the remote systems will use to log in via SFTP
I needed to create two separate, individual Ubuntu users because my backups will be coming from two different systems and will be put into two separate directories on the Windows servers.
I used Webmin to create these users. I also created a group called “phones” and added the users to the group. Again, Webmin (as an alternative to a shell command) is a good tool to do this. These permissions are important because we will need to give these users access to the mount point that will hold the Windows file system.
Step 4: Create the file structure to receive backup files on the Windows Server
As I previously mentioned, the goal is to place the incoming backup files onto a Windows server so that they can be moved offsite each night.
The strategy here is to mount a Windows file system to a directory in Ubuntu using CIFS and allow each of the BE6000 systems to place their backup into separate subdirectories. As previously mentioned, there are two systems that need to be backed up. One system is “phones”, one is “voicemail”.
On the Windows server, I created and shared a directory with the share name backups. This directory gives each system to be backed up a place to deposit its backup files. I created two subdirectories under backups. One directory is called phones and the other directory is called voicemail.
On the Windows server, the directory structure looks like:
BACKUPS (this directory is shared as \\system\backups)
Step 4: Configure CIFS (Samba) to mount a Windows partition from a server
CIFS (also known as Samba) allows a Windows file system to be accessed as if it were a part of the Ubuntu file system.
This tutorial from the Ubuntu Wiki provides the outline of what you will need to do.
A couple of notes from this tutorial to highlight:
- Install the CIFS utilities as indicated
- I needed to specify some permissions to mount the files
Step 5: Set the mount points for the CIFS partitions
In Linux, everything is a file or a directory (which is just a special type of file). To make the Windows directories available to the Ubuntu user, the first step was to configure CIFS so that the Windows file system can be accessed.
The next step is to make the Windows file system available to the Ubuntu file system by mounting (attaching) the shared backups directory to a node (directory) in the Unix file system.
This is done by executing the following shell commands:
Step 6: Complete the set up for the user logins to be used by SFTP
For each of the logins, I execute a command from the command line to set the home directory so that each login goes to a separate directory under the Ubuntu mount point. This needs to be done because when you create
One important point here is that because the Ubuntu server is on the same domain as the Windows server, I can reach the Windows server from the Ubuntu server.
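
The mount and home-directory steps (Steps 5 and 6) sketched as shell, as an added example that is not the author's original commands. The mount point /mnt/backups, the service account svc_backup, the domain MYDOMAIN, the credentials path and the login names cucm_backup and cuc_backup are assumptions; the server and share names come from \\system\backups above, and the phones group from Step 3.

```shell
#!/bin/sh
# Added example, not the author's commands. Assumed names: mount point
# /mnt/backups, account svc_backup, domain MYDOMAIN, logins cucm_backup and
# cuc_backup. Server "system", share "backups", group "phones" are the article's.
set -eu

# Store the Windows account in a root-only file so the password never sits in
# world-readable /etc/fstab or on a mount command line.
write_cifs_credentials() {   # $1=file $2=user $3=password $4=domain
    ( umask 077
      printf 'username=%s\npassword=%s\ndomain=%s\n' "$2" "$3" "$4" > "$1" )
    chmod 600 "$1"           # also tightens a file that already existed
}

# Build the fstab entry: files map to the given local group, modes shut out
# other local accounts, and nothing on the share can run or be setuid.
cifs_fstab_line() {          # $1=server $2=share $3=mountpoint $4=credfile $5=group
    printf '//%s/%s %s cifs credentials=%s,gid=%s,file_mode=0660,dir_mode=0770,nosuid,nodev,noexec,_netdev 0 0\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Audit helper: print mount points of cifs entries that embed password= inline.
cifs_inline_passwords() {    # $1=fstab-style file
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)password=/ { print $2 }' "$1"
}

# Privileged part; run the script as root with the argument "apply".
apply() {
    apt-get install -y cifs-utils
    mkdir -p /mnt/backups
    write_cifs_credentials /etc/cifs-backups.cred svc_backup \
        "${CIFS_PASSWORD:?export CIFS_PASSWORD first}" MYDOMAIN
    cifs_fstab_line system backups /mnt/backups /etc/cifs-backups.cred phones >> /etc/fstab
    mount /mnt/backups
    # One home directory per SFTP login, each under the mounted share.
    usermod -d /mnt/backups/phones    cucm_backup
    usermod -d /mnt/backups/voicemail cuc_backup
}

if [ "${1:-}" = apply ]; then apply; fi
```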