Monday, February 11, 2019

Cisco Cloud Email Security CES Bulk Import SMTP Routes, RAT entries


You want to bulk edit things like SMTP Routes or RAT entries in a CES environment? Then you need CLI access to the ESA instances inside CES.

That's not that simple: there is no direct access to the CLI. Cisco provides SSH proxies for that use case, and you first have to request access to them. (Some of the information below was provided by Cisco TAC.)


Ask the CES Activation Team (ces-activations@cisco.com) or Cisco TAC for CLI access

Following are the steps for setting up SSH access.
Access to your IronPort appliances is provided through an SSH Proxy using key authentication. CLI access to your hosted appliances should be limited to key individuals within your organization.

Overview of the Process:
     1) Generate Private/Public keys
     1a) If you require multiple users, you may generate and submit up to 10 keys.
     2) Reply to this email with your *Public* key -attached-.
     3) We will apply your key(s) to our SSH Proxy.
     4) We will then provide you a guide on accessing your machine.

HOW TO: Generate a Private/Public keypair for Hosted CLI access.

For UNIX OSes such as Linux, OS X, Solaris, etc.

ssh-keygen -t rsa -b <bitstrength> -f <filename>
<bitstrength> is an integer number.
<filename> is the path name to a file where the key(s) will be saved to.

Example: ssh-keygen -t rsa -b 2048 -f ~/.ssh/my_key

*Please ensure that you safeguard your private keys.
*DO NOT send us your private keys.
*If you are submitting multiple keys, please provide names and email address associated to each key.

There are numerous SSH client applications available for all major operating systems. Windows users can use PuTTYgen: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html



How to establish the proxy tunnel

PUTTY CONNECTION GUIDE TEMPLATE:
Accessing your IronPort appliances is made through an SSH proxy.
You will initiate a local port forwarding proxy on your workstation.
Your workstation will be listening on a localhost port.
You will then SSH to your localhost, which will forward the SSH traffic to your IronPort appliance.
Enter in the Proxy hostname - Make sure you choose the correct one for your region, US or EU:
There are two US SSH proxies:
f4-ssh.iphmx.com (68.232.128.202)
f5-ssh.iphmx.com (68.232.134.202)
And two EU SSH proxies:
Click Data and add dh-user to the auto-login.
Click SSH and check Don't start a shell or Comm...
Click Auth and browse to your private key.
Click Tunnels, supply a Source Port and a Destination (your IronPort appliance).
Click Add, and it should look like this.

Example:
1. esa1.hc***.c3s2.iphmx.com
2. esa2.hc***.c3s2.iphmx.com
You can save this session for future use. Click Session, supply a name,
and Save the session. Go ahead and Open the session to initiate the local port forwarding proxy.
If all goes well you will automatically be logged on to the proxy server.
You won't get a command prompt.
Now you will need to open a new PuTTY window. Use the hostname 127.0.0.1
and the source port number from the tunnel configuration above
(2200). Click Open to connect to your appliance.
When prompted, use your appliance username and password.

Please confirm that you are able to access your appliances via the command line. If you have further questions please feel free to contact us.

Copy files through the proxy tunnel

c:\Program Files\PuTTY>pscp -P 2200 partner_syseng@127.0.0.1:configuration/smtp_routes_export c:\smtp_routes.txt
Using keyboard-interactive authentication.
partner_syseng@esa1.hc***.c3s2.iphmx.com's password:
smtp_routes.txt       | 0 kB |   0.3 kB/s | ETA: 00:00:00 | 100%

c:\Program Files\PuTTY>pscp -P 2200 partner_syseng@127.0.0.1:configuration/RAT_export c:\RAT_export.txt
Using keyboard-interactive authentication.
partner_syseng@esa1.hc***.c3s2.iphmx.com's password:
RAT_export.txt        | 0 kB |   0.2 kB/s | ETA: 00:00:00 | 100%

c:\Program Files\PuTTY>pscp.exe -P 2200 c:\Users\alth\Documents\smtp_routes_import.txt partner_syseng@127.0.0.1:configuration/smtp_routes_import
Using keyboard-interactive authentication.
partner_syseng@esa1.hc***.c3s2.iphmx.com's password:
smtp_routes_import.tx | 13 kB |  13.5 kB/s | ETA: 00:00:00 | 100%

c:\Program Files\PuTTY>pscp.exe -P 2200 c:\Users\alth\Documents\smtp_routes_import.txt partner_syseng@127.0.0.1:configuration/smtp_routes_import
Using keyboard-interactive authentication.
partner_syseng@esa1.hc***.c3s2.iphmx.com's password:
smtp_routes_import.tx | 13 kB |  13.4 kB/s | ETA: 00:00:00 | 100%
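The same tunnel and file transfers done with OpenSSH from a Unix shell, as an added example that is neither part of the original post nor of Cisco's guide. Proxy host, port 2200 and the dh-user auto-login come from the guide above; the appliance hostname, key path and appliance username are placeholders (CES_* variables) you replace with the values from your own allocation, and the script only refuses to run when the private key is readable by anyone but its owner.

```shell
#!/usr/bin/env bash
# Added example: OpenSSH equivalent of the PuTTY tunnel and pscp steps above.
# Values in CES_* variables are placeholders; the real appliance hostname comes
# from your CES allocation (masked as esa1.hc***.c3s2.iphmx.com in the post).
set -eu

PROXY_HOST="${CES_PROXY:-f4-ssh.iphmx.com}"        # or f5-ssh.iphmx.com / your EU proxy
PROXY_USER="dh-user"                                # auto-login user from the guide
APPLIANCE="${CES_ESA:-esa1.EXAMPLE.c3s2.iphmx.com}" # placeholder allocation name
LOCAL_PORT="${CES_PORT:-2200}"
KEY_FILE="${CES_KEY:-$HOME/.ssh/my_key}"            # private key submitted to Cisco

# The guide says to safeguard the private key: accept only owner-only
# permissions (GNU stat first, BSD/macOS stat as fallback).
key_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Tunnel: -N is PuTTY's "Don't start a shell", -L is the Tunnels entry
# (localhost:LOCAL_PORT -> appliance:22, carried over the proxy session).
tunnel_cmd() {
    printf 'ssh -N -i %s -o ExitOnForwardFailure=yes -L %s:%s:22 %s@%s' \
        "$KEY_FILE" "$LOCAL_PORT" "$APPLIANCE" "$PROXY_USER" "$PROXY_HOST"
}

# scp through the tunnel. $1 = appliance user, $2 = remote path, $3 = local path
export_cmd() {
    printf 'scp -P %s %s@127.0.0.1:%s %s' "$LOCAL_PORT" "$1" "$2" "$3"
}
import_cmd() {
    printf 'scp -P %s %s %s@127.0.0.1:%s' "$LOCAL_PORT" "$3" "$1" "$2"
}

# Run only when explicitly asked (CES_RUN=1), so the file can be sourced safely.
if [ "${CES_RUN:-0}" = "1" ]; then
    key_perms_ok "$KEY_FILE" || { echo "refusing: $KEY_FILE is not mode 600" >&2; exit 1; }
    $(tunnel_cmd) &                      # background tunnel, no shell on the proxy
    TUNNEL_PID=$!
    sleep 3                              # give the forward time to come up
    $(export_cmd "${CES_USER:-admin}" configuration/smtp_routes_export ./smtp_routes_export)
    $(export_cmd "${CES_USER:-admin}" configuration/RAT_export ./RAT_export)
    kill "$TUNNEL_PID"
fi
```

After editing the exported file locally, push it back with `$(import_cmd <user> configuration/smtp_routes_import ./smtp_routes_import)` while the tunnel is up, then run the appliance's import from the CLI as you would over PuTTY.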
