Backup to SFTP server fails in NSX for vSphere 6.3.x through 6.3.4

Article ID: 325713



VMware NSX Networking


This article provides guidance with configuring an SFTP server to work with NSX backups.

In an NSX for vSphere 6.3.x through 6.3.4 environment, you experience these symptoms:
  • NSX Backup to SFTP Server fails
  • You see the error:

    unable to connect to server x.x.x.x at 22. Either server details are invalid or invalid credentials are presented (permission denied).


VMware NSX for vSphere 6.3.x


This issue occurs due to a cipher/MAC algorithm configuration issue on the SFTP server.

Running sshd on the SFTP server in debug mode (sshd -ddd) shows:

    Connection from x.x.x.x port 45768 on x.x.x.x port 22
    debug1: Client protocol version 2.0; client software version JSCAPE-2.0
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.6.1

Error on MAC algorithm:

    no matching mac found: client hmac-sha2-256 server hmac-sha1 [preauth].


To resolve this issue, ensure that the SFTP server uses the ciphers that are supported for SFTP backup in NSX 6.3.x through 6.3.4.

Supported ciphers:

Encryption: aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr
Message Authentication (MAC): hmac-sha2-256
Key Exchanges: diffie-hellman-group-exchange-sha256
Compressions: none, zlib

To configure the SFTP server cipher and MAC algorithms:
  1. Edit the /etc/ssh/sshd_config file.
  2. Update the sshd_config keywords Ciphers and MACs with the correct cipher and MAC algorithms.

    For example:

    Ciphers aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr
    MACs hmac-sha2-256
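
One way to check an SFTP server against the supported list before retrying the backup, as an added example that is not part of the original article. The function names and both sample configurations are constructed for illustration, and the input is assumed to be in the format printed by sshd -T.

```shell
#!/bin/sh
# Added example (not VMware code): check sshd's effective algorithms against
# the list this article gives for NSX 6.3.x through 6.3.4 SFTP backups.
NSX_CIPHERS="aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr"
NSX_MACS="hmac-sha2-256"
NSX_KEX="diffie-hellman-group-exchange-sha256"

# common_algos WANTED SERVER: print each name from WANTED that is also in SERVER
# (exact match, so hmac-sha2-256-etm@openssh.com does not count as hmac-sha2-256).
common_algos() {
    for algo in $(printf '%s' "$1" | tr ',' ' '); do
        case ",$2," in
            *",$algo,"*) printf '%s\n' "$algo" ;;
        esac
    done
}

# server_list KEYWORD CONFIG: value of KEYWORD in `sshd -T` style text.
server_list() {
    printf '%s\n' "$2" | awk -v k="$1" 'tolower($1) == k { print $2; exit }'
}

# check_sshd_for_nsx CONFIG: one line per algorithm class; returns 1 on a mismatch.
check_sshd_for_nsx() {
    rc=0
    for pair in "ciphers:$NSX_CIPHERS" "macs:$NSX_MACS" "kexalgorithms:$NSX_KEX"; do
        key=${pair%%:*}
        want=${pair#*:}
        have=$(server_list "$key" "$1")
        match=$(common_algos "$want" "$have" | tr '\n' ' ')
        if [ -n "$match" ]; then
            echo "OK   $key: $match"
        else
            echo "FAIL $key: server offers '$have', NSX needs one of '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples: BAD mirrors the hmac-sha1 server in the debug log above.
BAD_CONFIG='ciphers aes128-ctr,aes256-ctr
macs hmac-sha1
kexalgorithms diffie-hellman-group-exchange-sha256'
GOOD_CONFIG='ciphers aes128-ctr,aes256-ctr
macs hmac-sha1,hmac-sha2-256
kexalgorithms diffie-hellman-group-exchange-sha256'

check_sshd_for_nsx "$BAD_CONFIG" || true    # on a real server: "$(sshd -T)"
```

On the SFTP server itself, pass the effective configuration with check_sshd_for_nsx "$(sshd -T)", which normally requires root.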
