Search the VMware Knowledge Base (KB)
View by Article ID

Backup to SFTP server fails in NSX for vSphere 6.3.x (2149282)

  • 1 Ratings

Symptoms

In an NSX for vSphere 6.3.x environment, you experience these symptoms:
  • NSX Backup to SFTP Server fails
  • You see the error:

    unable to connect to server x.x.x.x at 22. Either server details are invalid or invalid credentials are presented (permission denied).

Purpose

This article provides guidance with configuring an SFTP server to work with NSX backups.

Cause

This issue occurs due to a Cipher/MAC algorithm configuration issue on the SFTP server.

sftp server sshd in debug mode  (sshd -ddd) reflects:

Connection from x.x.x.x port 45768 on x.x.x.x port 22
debug1: Client protocol version 2.0; client software version JSCAPE-2.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1

Error on MAC Algorithm:

no matching mac found: client hmac-sha2-256 server hmac-sha1 [preauth].

Resolution

To resolve this issue, ensure to use the ciphers which are supported for SFTP backup in NSX 6.3.x.

Supported ciphers:

Encryption: aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr
Message Authentication(mac): hmac-sha2-256
Key Exchanges: diffie-hellman-group-exchange-sha256

To configure the sftp server CIPHER / MAC Algorithms:
  1. Edit the /etc/ssh/sshd_config file.
  2. sshd_config keywords Cipher and MACs need to be updated with the correct Cipher and MAC algorithms.

    For example:

    Ciphers aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr
    MACs    hmac-sha2-256

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 1 Ratings
Actions
KB: