Backup to SFTP server fails in NSX for vSphere 6.3.x through 6.3.4


Article ID: 325713

Products

VMware NSX Networking

Issue/Introduction

This article provides guidance on configuring an SFTP server to work with NSX backups.

Symptoms:
In an NSX for vSphere 6.3.x through 6.3.4 environment, you experience these symptoms:
  • NSX Backup to SFTP Server fails
  • You see the error:

    unable to connect to server x.x.x.x at 22. Either server details are invalid or invalid credentials are presented (permission denied).


Environment

VMware NSX for vSphere 6.3.x

Cause

This issue occurs because the Cipher/MAC algorithms configured on the SFTP server do not include those the NSX backup client supports.

Running sshd on the SFTP server in debug mode (sshd -ddd) shows:

Connection from x.x.x.x port 45768 on x.x.x.x port 22
debug1: Client protocol version 2.0; client software version JSCAPE-2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1

The connection then fails on the MAC algorithm:

no matching mac found: client hmac-sha2-256 server hmac-sha1 [preauth].

Resolution

To resolve this issue, configure the SFTP server to use ciphers that are supported for SFTP backup in NSX 6.3.x through 6.3.4.

Supported ciphers:

Encryption: aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr
Message Authentication (MAC): hmac-sha2-256
Key Exchanges: diffie-hellman-group-exchange-sha256
Compressions: none, zlib

To configure the SFTP server cipher and MAC algorithms:
  1. Edit the /etc/ssh/sshd_config file.
  2. Update the sshd_config keywords Ciphers and MACs with the supported cipher and MAC algorithms.

    For example:

    Ciphers aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr
    MACs hmac-sha2-256
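
To confirm that an SFTP server offers at least one NSX-supported algorithm for ciphers, MACs and key exchange, the following script compares the server's effective settings with the supported list above. It is an added example, not VMware's tooling; it assumes input in the format printed by `sshd -T`, and the function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Algorithms NSX 6.3.x-6.3.4 supports for SFTP backup (from this article).
NSX_CIPHERS="aes128-cbc aes128-ctr aes192-cbc aes192-ctr aes256-cbc aes256-ctr"
NSX_MACS="hmac-sha2-256"
NSX_KEX="diffie-hellman-group-exchange-sha256"

# common_algos KEYWORD SUPPORTED CONFIG: print each algorithm the server
# offers for KEYWORD that is also in the space-separated SUPPORTED list.
common_algos() {
    offered=$(printf '%s\n' "$3" | awk -v k="$1" '$1 == k { print $2; exit }' | tr ',' ' ')
    for a in $offered; do
        for s in $2; do
            if [ "$a" = "$s" ]; then printf '%s\n' "$a"; fi
        done
    done
}

# check_nsx_compat CONFIG: print one line per category; return 0 only if
# every category has at least one algorithm in common with NSX.
check_nsx_compat() {
    rc=0
    for pair in "ciphers:$NSX_CIPHERS" "macs:$NSX_MACS" "kexalgorithms:$NSX_KEX"; do
        key=${pair%%:*}
        want=${pair#*:}
        match=$(common_algos "$key" "$want" "$1" | tr '\n' ' ')
        if [ -n "$match" ]; then
            echo "OK   $key: $match"
        else
            echo "FAIL $key: server offers none of [$want]"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: server offering only hmac-sha1, as in the debug log above.
BEFORE='ciphers aes128-ctr,aes256-ctr
macs hmac-sha1
kexalgorithms diffie-hellman-group-exchange-sha256'
# Constructed sample: after applying the Ciphers and MACs lines from this article.
AFTER='ciphers aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr
macs hmac-sha2-256
kexalgorithms diffie-hellman-group-exchange-sha256'

check_nsx_compat "$BEFORE" || echo "=> NSX backup cannot negotiate with this server"
check_nsx_compat "$AFTER" && echo "=> configuration is compatible with NSX backup"
# On the SFTP server itself (as root): check_nsx_compat "$(sshd -T)"
```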

