SDDC Manager fails to configure SFTP backup

Article ID: 386267

Products

VMware Cloud Foundation

Issue/Introduction

  • Backup configuration fails in SDDC Manager with the following error message:

    Could not retrieve the fingerprint of the SFTP server. Please check that the server is accessible from the management network and re-enter the IP address. Failed to fetch fingerprint for the given backup server <FQDN-or-IP-Backup-Server> and port 22.

  • The SFTP backup server can be accessed normally with SSH from SDDC Manager.
  • In /var/log/vmware/vcf/operationsmanager/operationsmanager.log, messages similar to the following appear:

    2025-01-21T02:38:50.777+0000 DEBUG [vcf_om,31a5b391acf34ac0,6407] [c.v.evo.sddc.common.util.SshKeyScan,http-nio-127.0.0.1-7300-exec-6] Successfully received SSH Host key for <FQDN-or-IP-Backup-Server>:22 - |1|AwmXQ9knsYWHhlDVUboYDFgObfk=|sBiL4lPnon7IblroQb2SIz2iNLU= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC03+KuZ3VIAGkuhU7r4SoXMPRVlj46M5wFjz93FtZO6vf7fx43vuEvCM4ngcs+/7Qe+FSO5ie9ag9GCmC5tktUkr/iFekA7lLt1/oBszbABl9B/03tFQQCpjN9sAhtLBGuzPZ4cs4FtUa0qMkNVbURwAOWrMMQddATUm+gP/sOVYrMhST3dwI7xTYVhBlSkhNEmcLl4uKEplqMUi/F1AN4qQp+zrKyYKG2EMUUMnzkbAiUviv1ih7MbXOfc7CRwOu4qPqNAa2bqJ7rIWLRq/g6BCeuASRpUzctZ8nAe7+06itzWftufrk8UPxzWcUD8XMoolEUgtbz1ZzwV5W7hBeF
    2025-01-21T02:38:50.805+0000 ERROR [vcf_om,31a5b391acf34ac0,6407] [c.v.e.sddc.common.util.SshKeyHelper,http-nio-127.0.0.1-7300-exec-6] Failed to get Host key for host: <FQDN-or-IP-Backup-Server> as command execution failed

    The above messages show that the host name of the SFTP backup server in the received host key entry (the field beginning with |1|) has been hashed, but it should be plaintext.

  • Manually running ssh-keyscan on SDDC Manager against the SFTP backup server retrieves the SFTP host key correctly:

    ssh-keyscan -4 <FQDN-or-IP-Backup-Server>

Environment

VMware Cloud Foundation 4.x
VMware Cloud Foundation 5.x

Cause

The known-hosts entry for the SFTP backup server should not be hashed. In this case the entry received by SDDC Manager has been hashed because the setting 'HashKnownHosts yes' is enabled in /etc/ssh/ssh_config on SDDC Manager.

Resolution

To resolve the issue:

  1. SSH to SDDC Manager with the vcf account, then switch to the root account with su root.
  2. Edit /etc/ssh/ssh_config and disable the setting by adding a hash sign (#) at the beginning of the line:
     
    # HashKnownHosts yes

  3. Restart the SSH service:

    systemctl restart sshd

  4. Configure the SFTP backup server again in SDDC Manager.
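
To confirm the cause described above and to verify that step 2 took effect, the following added example (not VMware code) reports the HashKnownHosts value in an ssh_config file and classifies the host key entry in an SshKeyScan log line as hashed or plaintext. The function names, the host backup.example.test, the placeholder key material and the layout of the plaintext log line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not VMware code. Simplification: Host/Match scoping and
# Include files in ssh_config are not evaluated.

# Print the first uncommented HashKnownHosts value in the given file, or "no"
# (the OpenSSH default) when absent. Keywords are case-insensitive and may be
# separated from the value by whitespace or "=".
hash_known_hosts_setting() {
    awk '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        {
            line = $0
            gsub(/[ \t]*=[ \t]*/, " ", line)    # "Key=Value" -> "Key Value"
            gsub(/"/, "", line)                 # drop optional quotes
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "hashknownhosts") {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Classify one known_hosts-style entry by its first field: "hashed" for
# |1|<salt>|<hash>, "plain" for a readable host name, "other" otherwise.
host_field_kind() {
    case "$1" in
        '|1|'*'|'*' '*) echo hashed ;;
        '#'*|'')        echo other ;;
        *' '*)          echo plain ;;
        *)              echo other ;;
    esac
}

# Classify the key entry carried in an operationsmanager.log SshKeyScan line.
logged_entry_kind() {
    entry=${1#*"Successfully received SSH Host key for "*" - "}
    if [ "$entry" = "$1" ]; then echo other; else host_field_kind "$entry"; fi
}

# Constructed samples: placeholder host name, salt, hash and key material.
SAMPLE_HASHED_LOG='2025-01-21T02:38:50.777+0000 DEBUG [c.v.evo.sddc.common.util.SshKeyScan] Successfully received SSH Host key for backup.example.test:22 - |1|c2FsdA==|aGFzaA== ssh-rsa AAAAEXAMPLE'
SAMPLE_PLAIN_LOG='2025-01-21T02:38:50.777+0000 DEBUG [c.v.evo.sddc.common.util.SshKeyScan] Successfully received SSH Host key for backup.example.test:22 - backup.example.test ssh-rsa AAAAEXAMPLE'

# On the appliance: hash_known_hosts_setting /etc/ssh/ssh_config
```

After step 2, hash_known_hosts_setting should report "no" for /etc/ssh/ssh_config, and a new SshKeyScan log line should classify as "plain".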