Showing posts with label SSH. Show all posts

Saturday, March 7, 2015

Edit Licence MAC on CUCM / CUPS / UCNX / UCCX

This works at least from UC version 8.x onwards.

To get access to the LicenseMac.sh file, you first need root access on your system.
Have a look here: http://uc-b.blogspot.de/2015/03/step-by-step-guide-to-root-access-via.html
When your system is rooted, SSH to it as root.

Fire up vim at LicenseMac.sh:
vim /usr/local/bin/base_scripts/LicenseMac.sh

Search for "FinalString=" by entering "/FinalString=" in vim. Mine popped up at line 155. It might be different on your system.

Edit the string to match your license mac.
FinalString="deadbeafdead"

Watch out! The original line has single quotes. We have to use double quotes to make this work. Otherwise your license field in "show status" might end up empty.

Reboot. Done.

Step By Step Guide To Root Access Via SSH On UCCX 10.6

We will do this by booting the VM from a Redhat CentOS ISO image. Then we modify some parameters and, after one reboot, end up with a rooted UCCX system. This guide is also valid for CUCM / CUPS / UCXN. Supported version for this to work is at least 9.x to 10.x. I guess 8.6 should work also.

This guide will walk you through the rooting process of a UCCX 10.6 system. With the 10.x release Cisco switched from a 32-bit Linux to a 64-bit Linux. So, when you are on a pre-10.x system, you need a 32-bit version of CentOS. If you are at least on version 10.x, you need the 64-bit version.

I use these:
32bit  http://isoredirect.centos.org/centos/5/isos/i386/
64bit  http://isoredirect.centos.org/centos/6/isos/x86_64/



Things needed for the rooting process of UCCX 10.6:
  • Running Cisco UCCX 10.6 System
  • CentOS-6.6-x86_64-bin-DVD1.iso or equivalent.
  • 15-30 min of time to spend on this

I'm showing this on a VMware Workstation 7.1 host. Other VMware versions might/will show a different menu. If you are going to do this, you will be able to figure out where to find the relevant checkboxes. ;-)

I suggest taking a snapshot of the system before we begin.

We start by opening the settings window of our UCCX machine. There we map our DVD drive to the CentOS ISO image. Check that it will connect at power on.



Then we open the VMX file of your UCCX machine and enter an additional line:

bios.bootDelay = "7000"

When we start the UCCX system, this will give us a 7 sec delay to press ESC in the boot process, which brings us to the boot menu:


Select "CD-ROM Drive" and press enter.


Select "Rescue installed system".



Select "English".



I prefer to leave it at "us". If you are using a non us keyboard this might be a little bit awkward if you are not used to this.


No need for a network here.


Select "Continue".



This can be a little bit tricky. Choose your active partition. Easy guess here because I came from 9.02 (ver5) to 10.6 (ver6). So it has to be the sda1 partition.


Select "OK".



Select "OK".



Select "Shell".


If you get an error reporting that /mnt/sysimage was mounted read only, you can fix it with:

mount -o rw,remount /mnt/sysimage

After checking /mnt/sysimage is mounted as rw you change your root to the mounted, hopefully active, partition:

bash-4.1# chroot /mnt/sysimage
sh-4.1#

Now we can start editing the system's config for root access via SSH.

Remove securetty to get rid of TTY restrictions:
sh-4.1# rm /etc/securetty

Set a password for root. Because this is only a lab system you can use a simple password and ignore the warning.
sh-4.1# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.1#


Assign a shell to the root user:
sh-4.1# vim /etc/passwd
Replace "root:x:0:0:root:/root:/sbin/nologin" with "root:x:0:0:root:/root:/bin/bash".

Quit and save.

Allow root login via SSH:
sh-4.1# vim /etc/ssh/sshd_config
Add the line "PermitRootLogin yes".
This file is write protected, so save and quit with :wq!.

Set Selinux to permissive:
sh-4.1# vim /etc/selinux/config
Replace "SELINUX=enforcing" with "SELINUX=permissive".
Quit and save.

Reboot the system to verify successful root access.
sh-4.1# reboot

When the reboot is finished try to ssh to the UCCX system. You should be prompted with this:

login as: root
root@172.20.23.250's password:
Send automatic password
Last login: Fri Mar  6 19:56:49 2015 from 172.20.23.3
[root@LABUCCX ~]#


There we are. Success! This is intended only for use in lab environments! Don't use this in production environments.
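
To check whether a system still carries these four changes (for example before a lab image is cloned or moved somewhere less isolated), the following audit reports each one. This is an added example, not part of the original post; the function names, finding labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a system root for the
# four changes made above. Function names and finding labels are assumptions.
audit_root_access() {
    root="${1:-/}"; findings=""
    # 1. /etc/securetty removed: no TTY restriction for root logins
    if [ ! -e "$root/etc/securetty" ]; then findings="$findings securetty-missing"; fi
    # 2. root has a login shell instead of /sbin/nologin
    shell=$(awk -F: '$1 == "root" { print $7 }' "$root/etc/passwd" 2>/dev/null || true)
    case "$shell" in
        */nologin|*/false|"") ;;
        *) findings="$findings root-shell=$shell" ;;
    esac
    # 3. sshd uses the first value it finds for a keyword; commented lines are skipped
    prl=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' \
        "$root/etc/ssh/sshd_config" 2>/dev/null || true)
    if [ "$prl" = "yes" ]; then findings="$findings permitrootlogin-yes"; fi
    # 4. SELinux configured as anything other than enforcing
    se=$(sed -n 's/^SELINUX=//p' "$root/etc/selinux/config" 2>/dev/null | head -n 1)
    if [ "$se" != "enforcing" ]; then findings="$findings selinux=${se:-unset}"; fi
    echo "${findings# }"
}

# Constructed sample trees: "modified" mirrors the end state of the steps above,
# "stock" the values the post says were there before (sshd_config line is made up).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/selinux"
    if [ "$1" = "stock" ]; then
        : > "$d/etc/securetty"
        echo 'root:x:0:0:root:/root:/sbin/nologin' > "$d/etc/passwd"
        echo 'Protocol 2' > "$d/etc/ssh/sshd_config"
        echo 'SELINUX=enforcing' > "$d/etc/selinux/config"
    else
        echo 'root:x:0:0:root:/root:/bin/bash' > "$d/etc/passwd"
        echo 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
        echo 'SELINUX=permissive' > "$d/etc/selinux/config"
    fi
    echo "$d"
}

sample=$(make_sample modified)
echo "modified: $(audit_root_access "$sample")"
rm -rf "$sample"
```

Call it as audit_root_access /mnt/sysimage from the rescue shell, or with no argument on the running system; an empty result means none of the four changes is present.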

For those not familiar with the VIM editor there are some good tutorials online. This one has the important stuff covered: http://vim.wikia.com/wiki/Tutorial

In short:
/FindMe        Search for pattern FindMe. Caution! This is case sensitive.
    n          Next hit
    N          Previous hit
To edit a file press i. This will bring you to the insert mode. Now you can insert and delete text.
When you are done press ESC to leave insert mode.
:q!            To quit without saving. You lose the changes made.
:wq            To save and close the file.
:wq!           To save and close the file. Even if it is flagged as read only.




Sunday, July 10, 2011

Access Cisco Unity Express from the internet with private addressing

Your Cisco Unity Express Voicemail system is connected to your Cisco Callmanager Express via private addressing? And you need to access it via the Internet? No VPN available?
Well, I had this task waiting for me. Not really complicated, but somebody might find it useful ....

interface GigabitEthernet0/0
 description Internet
 ip address 1.2.3.5 255.255.255.248
 ip nat outside
!
interface ISM0/0
 ip unnumbered Loopback0
 ip nat inside
 service-module ip address 172.20.20.2 255.255.255.252
 !Application: CUE Running on ISM
 service-module ip default-gateway 172.20.20.1
!
ip nat inside source list CUE_OUT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 172.20.20.2 80 1.2.3.5 9999 extendable
!
ip route 0.0.0.0 0.0.0.0 1.2.3.4
ip route 172.20.20.2 255.255.255.255 ISM0/0
!This gives your CUE access to public services (SMTP, DNS, ...)
ip access-list extended CUE_OUT
 deny   ip host 172.20.20.2 host 172.20.20.1
 permit ip host 172.20.20.2 any

Now you only need to enter this URL in your browser:
http://1.2.3.4:9999/admin

If there is a firewall in between (filtering all ports except for SIP traffic & SSH), you could set up an SSH tunnel to fix that problem. See http://uc-b.blogspot.com/2011/07/putty-scp-file-transfer-to-cisco-ios.html

Putty & SCP => File transfer to Cisco IOS through SSH Tunnel

I had the problem that I had to update an IOS device with only SSH access available. The solution is to use SCP over an SSH tunnel.

To do this, go to Change settings => Connection => SSH => Tunnels. Replace 1.2.3.4 with the IP you want to connect to. Before you define the local port, you should verify that it's unused. It doesn't need to be 22 on the local side.



Remember to press the Add button before clicking Apply. Otherwise your settings will be lost.



Next, check the listening TCP ports in a DOS box. After entering "netstat -an -p TCP" you should find an entry like "  TCP    127.0.0.1:22           0.0.0.0:0              Listening".

Now you have to prepare the router for the SCP connection. The device should already be reachable via SSH.

Enter this in your router config:

aaa new-model
aaa authentication login default local
aaa authorization exec default local
username scp secret password
ip scp server enable

That's it! Now you can move files to & from your device. I prefer to use the Putty SCP client pscp.

Copy files from flash:
pscp -scp -pw password scp@127.0.0.1:flash:test.pcap "C:\Users\andre\Downloads\test.pcap"
test.pcap             | 30 kB |  30.6 kB/s | ETA: 00:00:00 | 100%

Copy files to flash:
pscp -scp -pw password "C:\Users\andre\Downloads\cme-151-4Mv1\cme-151-4Mv1\CME 8.6\CME 8.6.0 GUI\CME8.6.0GUI.tar" scp@127.0.0.1:flash:CME8.6.0GUI.tar

This works for all TCP based protocols. Makes life a lot easier ....

Cisco link for SCP:
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftscp.html