From getting MFT to work in IM&P and Jabber, I’ve discovered that it is really important to configure everything in the right order.
DO have the database completely configured before attempting to perform the configuration within cupadmin (See my previous blog-post for notes on Oracle-configuration).
Prepare the file-server (I’m using the same Linux-host that I have for receiving backups, hosting ISOs for upgrade, etc).
Make sure that RSAAuthentication and PubkeyAuthentication is enabled in /etc/ssh/sshd_config. Prepare a user / directory as follows;
[root@HOSTNAME mlundbom]# useradd -m chatfile
[root@HOSTNAME mlundbom]# passwd chatfile
Changing password for user chatfile.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@HOSTNAME mlundbom]# mkdir -p /home/mftFileStore/
[root@HOSTNAME mlundbom]# chown chatfile:chatfile /home/mftFileStore/
[root@HOSTNAME mlundbom]# chmod 700 /home/mftFileStore/
[root@HOSTNAME mlundbom]# su chatfile
[chatfile@HOSTNAME mlundbom]$ mkdir ~/.ssh/
[chatfile@HOSTNAME mlundbom]$ touch ~/.ssh/authorized_keys
[chatfile@HOSTNAME mlundbom]$ chmod 700 ~chatfile
[chatfile@HOSTNAME mlundbom]$ chmod 700 ~/.ssh
[chatfile@HOSTNAME mlundbom]$ chmod 700 ~/.ssh/authorized_keys
[chatfile@HOSTNAME mlundbom]$ mkdir /home/mftFileStore/IMPHOSTNAME
[chatfile@HOSTNAME mlundbom]$ exit
[root@HOSTNAME mlundbom]# ssh-keyscan -t rsa hostname.domain.tld
# hostname.domain.tld SSH-2.0-OpenSSH_6.6.1
hostname.domain.tld ssh-rsa RSA-KEY
Copy the output from the last italic line and head to cupadmin, Messaging, External Server Setup and External File Servers. Click Add New, give the record a name, enter the host/fqdn (be careful here that the format matches the RSA-key) and paste the output from ssh-keyscan;
After saving, continue to Messaging, External Server Setup and External Databases. Click Add New, and be careful to enter the correct information here – the Database name must match with the configured service name on the database server;
Once this has been saved, head to Messaging and select File Transfer. Select Managed File Transfer, select your servers and save.
Click the link for Public Key and copy the contents of the text-box within the popup. Do NOT continue with any other steps regarding IM&P right now, but head back to your fileserver. Edit ~/.ssh/authorized_keys for the configured user (using whatever editor, I’ve heard that there are others then vi, but I refuse to believe it 🙂 ), paste the contents from your clipboard, save the file and go back to cupadmin.
Within cupadmin, by now you should’ve received a notification stating that the XCP Router requires a restart. Proceed with that restart (handy link from within the notification) and when XCP Router is up again, go ahead and try to activate/start Cisco XCP File Transfer Manager.
Pay attention to the service status for Cisco XCP File Transfer Manager, it might attempt a few starts and then end up in “not running”. I poked around a bit with the associations, and everytime you update the server assignment, a new public key gets generated. From the CLI, use
file view activelog epas/trace/xcp/log/AFTStartup.log
to find potential issues. If that log ends up with;
AFT - Passwordless SSH has not been set up correctly. Exiting
…then you have the wrong public key in ~/.ssh/authorized_keys.
If the service starts (and stays running) as expected, head back to cupadmin, Messaging, External Server Setup and External Databases (and External File Servers) and select your file transfer database/server, if everything looks good – you should see the following;
Once everything is green, go ahead and restart your Jabber clients. Try to send a file, and you should see the following in your conversation;
What I really, really like here is that file transfers can be performed with clients that are connecting via MRA.