1. Bicom Systems
  2. Solution home
  3. PBXware
  4. General Information

BSSUP EXPLANATION

1 What is BSSUP?  


In order for Bicom Systems support to access your system without the need to share the  root password, we use a service called BSSUP.  BSSUP is a secure and time-limited method of providing access through SSH certificates.  It ensures that our support team can connect to your PBXware or SERVERware system  safely, without exposing sensitive login credentials.  This approach reduces security risks, gives you full control over when and for how long  the access is enabled, and guarantees that only Bicom Systems support can use it.


2 How BSSUP Works in the Background  


BSSUP was developed to allow Bicom Systems support secure and temporary access to  your system, without the need to ever share your root password. While the process  looks simple on your side (you just enable access in PBXware or SERVERware), in  the background there is a complete security mechanism that protects your system and  controls the duration of access.


1. Certificate Generation  


Instead of using passwords, BSSUP relies on digital SSH certificates. These certificates  are created and signed by Bicom Systems’ central server (the Certificate Authority). They  are time-limited and can only be used by Bicom Systems support. This means there is  no permanent password or key that could pose a security risk.  


2. Distribution and Key Security  


Once a certificate is created, it is securely distributed to your system. Your PBXware or  SERVERware periodically downloads the latest public keys and certificates from Bicom  Systems servers. Each certificate is valid only for a specific time window and automatically expires after that. This prevents any certificate from being reused indefinitely.


3. Verification Process  


When a Bicom Systems engineer attempts to connect to your system, your server checks:  

    • whether the certificate is signed by the official Bicom Systems authority,  

    • whether the certificate is still valid (not expired),  

    • whether the certificate matches the key being used for login.  

If any of these checks fail, access is automatically denied.


4. Limited Access Duration  


As a customer, you decide how long the access remains open (for example, a few hours or  up to one week). Once the time you set expires, access is automatically closed and Bicom Systems support can no longer connect. This gives you full control over the duration of  access.


5. Restricted Entry Point  


Access is only possible through port 2244 and exclusively from the official Bicom Systems  support network (IP address 185.59.93.56). Even when BSSUP is enabled, any connection  attempt outside this network will be rejected.



Summary  


Behind the scenes, BSSUP combines several layers of security:  

    • temporary SSH certificates,  

    • automatic certificate generation and rotation,  

    • strict verification of certificate origin,  

    • time-limited access windows,  

    • restriction to a specific port and IP address.  


In this way, BSSUP ensures that support can quickly assist with resolving issues, while  you always maintain full control over the security of your system.




On PBXware  


    1. Log in to the Setup Wizard by navigating to https://<PBXwareIP>:81, where  <PBXwareIP> is your     system’s IP address or domain name.  

    2. Enter your root password, then go to the **Support Access** tab.  

    3. Set the port number to **2244** and choose a **timeout duration** matching how  long you             want the access to remain open.  

    4. Click **Open SSH Access**.  

    5. You should see the message: *“SSH Access: Opened.”*










On SERVERware  


    1. Log in to the SERVERware GUI.  

    2. Click the button in the top right corner, located just to the left of the date.  

    3. In the popup window, click **Advanced options**.  

    4. Enter port **2244** and set the desired timeout duration.  

    5. Confirm your settings — you will see the message: *“SSH access has been permanently opened      for the support team only via port 2244.”*




Figure 1: Click the top-right button on the SERVERware controller to open advanced  options.  





Figure 2: Advanced options window where SSH access is enabled.  







3 Error During BSSUP Activation  


Sometimes, when trying to activate BSSUP, you may encounter the following message:  




Steps to Resolve the Issue
 
 Follow these steps to fix the problem:  
1. Stop the HTTPD service. This ensures that all related processes are halted  before cleaning up stale PID files.  [root@MT11 ˜]# /opt/httpd/sh/stop  
bssup has active sessions, it will be left running ...  httpd stopped successfully.  


2. Check for active BSSUP sessions. List the PID files in the run directory to  see if ‘bssup.pid‘ exists.  
[root@MT11 ˜]# ls /opt/httpd/var/run/  
bssup.pid mini_httpd.pid  

3. Navigate to the run directory. Move into the directory where the PID files are  stored.  
[root@MT11 ˜]# cd /opt/httpd/var/run/  
[root@MT11 run]# ls  
bssup.pid mini_httpd.pid 


 4. Remove the stale BSSUP PID file. This clears the lock that prevents BSSUP  from starting.  
[root@MT11 run]# rm bssup.pid  
rm: remove regular file ’bssup.pid’? y  


5. Verify the PID file has been removed. Ensure the ‘bssup.pid‘ file is gone  before restarting services.  

[root@MT11 run]# ls  

[root@MT11 run]#


6. Return to the home directory. It’s good practice to return to a standard  working directory.  

[root@MT11 run]# cd  

[root@MT11 ˜]#


7. Restart the HTTPD service. After removing the stale PID file, the service can  start normally.  

[root@MT11 ˜]# /opt/httpd/sh/start  

httpd started successfully.  

[root@MT11 ˜]#



Following these steps ensures that any leftover BSSUP session is cleared and allows  BSSUP to activate correctly.