Configuring VCF backup (registering a backup server with VCF) in the "Site Settings" section of the "Backup" page in the SDDC-Manager UI fails with the following error:
Invalid parameter: Validation failed for directory path <directory-path> on server <server-ip-or-fqdn>. Please make sure backup directory is intact and sftp server has write permission on backup path.
You can find the error below in /var/log/vmware/vcf/operationsmanager/operationsmanager.log:
2024-05-07T14:05:51.082+0000 ERROR [vcf_om,ef7e96f5cde4418d,871a] [c.v.evo.sddc.common.util.SshUtil,pool-2-thread-18] Unable to create jsch CLI session:
com.jcraft.jsch.JSchException: reject HostKey: 10.10.10.10
VCF 4.x
VCF 5.0
VCF 5.1.0
When the backup server runs OpenSSH 8.8 or later, the server by default does not support the ssh-rsa (SHA-1) host key algorithm for host key verification. The Backup-Configuration validation API requires that algorithm, because it always looks for an ssh-rsa host key when it verifies the host key.
This issue has been fixed in VCF 5.1.1 and later releases.
To work around the issue:
Add the backup server's ECDSA key to the SDDC-Manager, and then use the API to configure VCF backup.
ssh-keyscan -t ecdsa -p <port> <backup-server-ip-or-fqdn> 2>/dev/null
curl 'http://localhost/appliancemanager/ssh/knownHosts' -i -X POST -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"knownHosts":[{"host":"<backup-server-ip-or-fqdn>","port":22,"keyType":"ecdsa-sha2-nistp256","key":"<key-from-previous-step>"}]}'
ssh-keygen -lf <(ssh-keyscan -t ssh-rsa -p 22 <ip-or-fqdn-of-the-server> 2>/dev/null)
{"backupLocations":[{"server":"<backup-server-ip-or-fqdn>","port":22,"protocol":"SFTP","directoryPath":"<directory-path>","sshFingerprint":"SHA256:oxNDD6x/ZJ5MKKGjpF5/bvk3ZGfLOJEg3oySImzbjHM","username":"<user>","password":"<password>"}],"encryption":{"passphrase":"<passphrase>"}}
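The first two workaround commands can be joined so the key is not copied by hand. The following is an added example, not part of the original article or of VCF: the function names, the host sftp.example.test and the sample key are constructed, and it only accepts the ecdsa-sha2-nistp256 key type used in the knownHosts payload above. ssh-keyscan prints the host as [host]:port for non-default ports, so the host and port are passed in as arguments rather than read from its output.

```sh
#!/bin/sh
# Added example (not from the KB): turn ssh-keyscan output into the JSON body
# for the knownHosts POST shown above. Function and variable names are made up.

# Constructed sample of `ssh-keyscan -t ecdsa -p 2222 sftp.example.test` output
# with stderr not discarded. The key is a placeholder, not a real host key.
sample_keyscan_output() {
  cat <<'EOF'
# sftp.example.test:2222 SSH-2.0-OpenSSH_8.9
[sftp.example.test]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCONSTRUCTEDSAMPLEKEY=
EOF
}

# Usage: ssh-keyscan ... | build_known_hosts_payload <host> <port>
build_known_hosts_payload() {
  kh_host=$1 kh_port=$2
  # Refuse values that would break or alter the JSON body.
  case "$kh_host" in ''|*[!A-Za-z0-9.:-]*) echo "bad host" >&2; return 2 ;; esac
  case "$kh_port" in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
  while read -r kh_name kh_type kh_key kh_rest; do
    # Skip blank lines and the "# host:port SSH-2.0-..." banner comments.
    case "$kh_name" in ''|'#'*) continue ;; esac
    # The payload on this page uses ecdsa-sha2-nistp256; ignore other key types.
    [ "$kh_type" = "ecdsa-sha2-nistp256" ] || continue
    # The key field must be plain base64.
    case "$kh_key" in ''|*[!A-Za-z0-9+/=]*) continue ;; esac
    printf '{"knownHosts":[{"host":"%s","port":%s,"keyType":"%s","key":"%s"}]}\n' \
      "$kh_host" "$kh_port" "$kh_type" "$kh_key"
    return 0
  done
  echo "no ecdsa-sha2-nistp256 host key in input" >&2
  return 1
}

# Demo on the constructed sample. On the SDDC Manager, pipe real ssh-keyscan
# output in instead and pass the result to the curl command above with `-d @-`.
sample_keyscan_output | build_known_hosts_payload sftp.example.test 2222
```

ssh-keyscan accepts whatever key the network returns, so compare the key's fingerprint with the output of `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` (the default OpenSSH path) run on the backup server itself before posting the payload.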