In this blog, I will be setting up an Ubuntu Virtual Machine as a SFTP Server for NSX-T config backups.
- Set an Ubuntu Server , I used the below release
animeshd@sftp:~$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
- Installed VMware tools on the Ubuntu machine.
- Install latest updates to the Ubuntu Machine using : sudo apt-get update (assume internet access is there)
- Next , Install an Openssh Server using : sudo apt install openssh-server
check the status of ssh – running
Next, using putty ssh to the server, and take the backup of /etc/ssh/sshd_config file.
In the current example, I took a backup of the file under the tmp directory as /tmp/sshd_backup.
As the original file is read only, use chmod 777 against the /etc/ssh/sshd_config file to edit it. Use an editor of your choice on the system, I used Nano editor to the open the file for editing.
- Edit the ListenIPaddress and add the IP of the local machine.
- Then change X11Forwarding no (change from ‘yes’), and then add the overriding settings as per the screenshot below.
Here’s what each of those directives do:
- Match User tells the SSH server to apply the following commands only to the user specified.
- ForceCommand internal-sftp forces the SSH server to run the SFTP server upon login.
- PasswordAuthentication yes allows password authentication for this user.
- ChrootDirectory /var/nsxtsftp/ ensures that the user will not be allowed access to anything beyond the /var/nsxtsftp directory.
- AllowAgentForwarding no, AllowTcpForwarding no. and X11Forwarding no disables port forwarding, tunneling and X11 forwarding for this user.
Restart the ssh service on the machine
- Now, I have created these directory and user in the on the SFTP Ubuntu machine.
Create a new user
- sudo adduser –shell /bin/false nsxtbackupuser
Create a new directory
- sudo mkdir -p /var/nsxtsftp/backups
Change owner and permission on the new directory
- sudo chown root:root /var/nsxtsftp
- sudo chown nsxtbackupuser:nsxtbackupuser /var/nsxtsftp
- sudo chown 755 /var/nsxtsftp
Once, this is done use the NSX-T UI, under system go ahead and edit and configure backup to the backup server.
Then, perform a backup and view the result.
Backup files are getting created.