Background
Our customers routinely use Cerberus FTP Server to transfer backups from Cisco Unified Computing System Manager (UCSM) and Cisco Unified Communications Manager (CUCM) using SFTP, or to upload firmware to Cisco switches over SCP.
While there’s usually great compatibility between our server and Cisco’s hardware and software systems, we’ve had occasional reports over the last year of problems with some Cisco switches related to SCP uploads. In the past, our team investigated, but we were unable to determine any problems on our end. The errors were all on the Cisco side, and these particular switches were older models.
Improving Compatibility
Getting high-level Cisco support engineering time can be a lengthy process, so our development team took another approach and decided to procure the Cisco devices exhibiting the problem. After exhaustive testing, reading through RFCs, and examining key exchanges between working clients and the Cisco devices, we were able to diagnose and come up with solutions to the problems.
We also investigated and resolved a Cisco bug related to using some Cisco UCM-FI products in FIPS mode with Cerberus FTP Server. This particular bug resulted in SSH2 key exchange between Cerberus and the Cisco devices failing during initial connection, but our team was able to reproduce, diagnose, and ultimately fix the compatibility issue.
During our research and testing we also discovered a long-standing key exchange bug in our own SSH2 implementation.
All told we were able to resolve 3 Cisco-specific issues, as well as improve our product’s overall SSH2 performance and compatibility. The development team put a lot of time and effort into reproducing and resolving these long-standing issues, and we’re excited to get this release into our customers’ hands. Not only should this release resolve all known incompatibilities between Cisco devices and Cerberus FTP Server, but the work we put into improving and testing our SSH2 implementation should also result in better compatibility with some lesser-known SSH implementations.
Availability
These fixes and improvements are all available now in Cerberus FTP Server 11.3.5 and beyond.