BSSUP EXPLANATION

1 What is BSSUP?  

In order for Bicom Systems support to access your system without the need to share the  root password, we use a service called BSSUP.  BSSUP is a secure and time-limited method of providing access through SSH certificates.  It ensures that our support team can connect to your PBXware or SERVERware system  safely, without exposing sensitive login credentials.  This approach reduces security risks, gives you full control over when and for how long  the access is enabled, and guarantees that only Bicom Systems support can use it.

2 How BSSUP Works in the Background  

BSSUP was developed to allow Bicom Systems support secure and temporary access to  your system, without the need to ever share your root password. While the process  looks simple on your side (you just enable access in PBXware or SERVERware), in  the background there is a complete security mechanism that protects your system and  controls the duration of access.

1. Certificate Generation  

Instead of using passwords, BSSUP relies on digital SSH certificates. These certificates  are created and signed by Bicom Systems’ central server (the Certificate Authority). They  are time-limited and can only be used by Bicom Systems support. This means there is  no permanent password or key that could pose a security risk.  

2. Distribution and Key Security  

Once a certificate is created, it is securely distributed to your system. Your PBXware or  SERVERware periodically downloads the latest public keys and certificates from Bicom  Systems servers. Each certificate is valid only for a specific time window and automatically expires after that. This prevents any certificate from being reused indefinitely.

3. Verification Process  

When a Bicom Systems engineer attempts to connect to your system, your server checks:  

    • whether the certificate is signed by the official Bicom Systems authority,  

    • whether the certificate is still valid (not expired),  

    • whether the certificate matches the key being used for login.  

If any of these checks fail, access is automatically denied.

4. Limited Access Duration  

As a customer, you decide how long the access remains open (for example, a few hours or  up to one week). Once the time you set expires, access is automatically closed and Bicom Systems support can no longer connect. This gives you full control over the duration of  access.

5. Restricted Entry Point  

Access is only possible through port 2244 and exclusively from the official Bicom Systems  support network (IP address 185.59.93.56). Even when BSSUP is enabled, any connection  attempt outside this network will be rejected.

Summary  

Behind the scenes, BSSUP combines several layers of security:  

    • temporary SSH certificates,  

    • automatic certificate generation and rotation,  

    • strict verification of certificate origin,  

    • time-limited access windows,  

    • restriction to a specific port and IP address.  

In this way, BSSUP ensures that support can quickly assist with resolving issues, while  you always maintain full control over the security of your system.

On PBXware  

    1. Log in to the Setup Wizard by navigating to https://<PBXwareIP>:81, where  <PBXwareIP> is your     system’s IP address or domain name.  

    2. Enter your root password, then go to the **Support Access** tab.  

    3. Set the port number to **2244** and choose a **timeout duration** matching how  long you             want the access to remain open.  

    4. Click **Open SSH Access**.  

    5. You should see the message: *“SSH Access: Opened.”*

On SERVERware  

    1. Log in to the SERVERware GUI.  

    2. Click the button in the top right corner, located just to the left of the date.  

    3. In the popup window, click **Advanced options**.  

    4. Enter port **2244** and set the desired timeout duration.  

    5. Confirm your settings — you will see the message: *“SSH access has been permanently opened      for the support team only via port 2244.”*

Figure 1: Click the top-right button on the SERVERware controller to open advanced  options.  

Figure 2: Advanced options window where SSH access is enabled.  

3 Error During BSSUP Activation  

Sometimes, when trying to activate BSSUP, you may encounter the following message: