Cisco Unity Express Voice-Mail and Auto-Attendant CLI Administrator Guide for 3.0 and Later Versions
OL-14010-09
Chapter 16 Backing Up and Restoring Data
Backup Server Authentication Using a SSH Host Key
Overview
Starting in release 3.0, you can authenticate the backup server using the SSH protocol before starting a
backup/restore operation. The SSH protocol uses public key cryptography for server authentication.
This feature provides two methods of authenticating a server:
• Establishing a secure connection based only on the URL of a trusted backup server.
• Obtaining the fingerprint of the backup server and using it to establish a secure connection. This
fingerprint is also known as the host key or private key.
The first method is easier than the second method, but it is less secure because it does not depend on you
knowing the backup server’s private host key. However, if you know the URL of a trusted backup server,
it is generally safe. In this case, the backup server securely provides the client with its private host key.
In both cases, when server authentication is enabled, the system validates the SSH server’s private host
key by comparing the fingerprint of the key received from the server with a preconfigured string. If the
two fingerprints do not match, the SSH handshake fails, and the backup/restore operation does not occur.
You cannot use the GUI to configure this feature; you must use the CLI.
Both methods are explained in the following sections.
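The fingerprint comparison described in the Overview, shown as an added Python example that is not part of the Cisco guide or of Cisco Unity Express. It hashes the public key blob an SSH server presents, as standard SSH tools do, and compares the result with a preconfigured string. Assumptions: the sample keys are constructed, the function names are hypothetical, and the colon-separated MD5 and SHA256 fingerprint formats are the ones OpenSSH prints, since this page does not say which format Cisco Unity Express expects.

```python
import base64
import hashlib
import hmac
import struct


def build_ed25519_line(raw32: bytes) -> str:
    """Build a constructed 'ssh-ed25519 <base64>' public key line for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode()


def key_blob(pubkey_line: str) -> bytes:
    """Decode the wire blob and check its embedded type matches the text prefix."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type prefix does not match key blob")
    return blob


def fingerprint_md5(pubkey_line: str) -> str:
    """Legacy form: 16 colon-separated hex pairs."""
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprint_sha256(pubkey_line: str) -> str:
    """Current OpenSSH form: 'SHA256:' plus unpadded base64."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(pubkey_line: str, pinned: str) -> bool:
    """Compare the offered key's fingerprint with the preconfigured string."""
    pinned = pinned.strip()
    if pinned.startswith("SHA256:"):
        offered = fingerprint_sha256(pubkey_line)
    else:  # hex is case-insensitive, base64 is not
        offered, pinned = fingerprint_md5(pubkey_line), pinned.lower()
    return hmac.compare_digest(offered.encode(), pinned.encode())


# Constructed sample keys (not real server keys).
TRUSTED = build_ed25519_line(bytes(range(32)))
IMPOSTOR = build_ed25519_line(bytes(range(1, 33)))
PINNED = fingerprint_md5(TRUSTED)  # the value an admin would record out of band
```

A mismatch here corresponds to the case where the SSH handshake fails and the backup/restore operation does not occur.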
Configuring Backup Server Authentication Without Using the SSH Host Key
Prerequisites
Cisco Unity Express 3.0 or a later version
Required Data for This Procedure
To enable SSH authentication of a backup server without knowing the server’s fingerprint (private host
key), you must know the URL of a trusted backup server.
SUMMARY STEPS
1. config t
2. backup server url sftp://url
3. backup server authenticate
4. end
5. show security ssh knowhost