When taking an NSX backup, you see the following error:
"Possible FIPS violation during a backup: Error negotiating with remote host: Unable to negotiate with <hostname> port 22: no matching host key type found. Their offer: <ecdsa-sha2-nistp384 (and/or) ecdsa-sha2-nistp521> (Error code: 29206)"
Affected versions:
VMware NSX 4.2.0
VMware NSX 4.2.1
This is a known issue introduced in NSX 4.2.0: the HostKeyAlgorithms ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 no longer work, even though they are supported.
This issue is resolved in NSX 4.2.2.
Workaround:
Generate a host key of type "ecdsa-sha2-nistp256" on the SFTP server (contact your backup server vendor for the exact commands):
# ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key
Then attempt to trigger backup again.
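To confirm which host key type the SFTP server presents before and after the workaround, the following added example (not part of the original article or of NSX) classifies `ssh-keyscan` output. The function names, the sample hostname and the sample key material are constructed, and the status labels assume only what this article states: nistp384/nistp521 trigger the error and nistp256 is the workaround.

```sh
#!/bin/sh
# Added example: classify the ECDSA host key types an SFTP server offers,
# based on `ssh-keyscan` output ("<host> <key-type> <base64-key>" per line).

# Print the unique key types found on stdin, ignoring '#' comment lines.
offered_key_types() {
    awk '!/^#/ && NF >= 3 { print $2 }' | sort -u
}

# Read ssh-keyscan output on stdin and print one of:
#   ok        - ecdsa-sha2-nistp256 is offered (the workaround key type)
#   affected  - only nistp384/nistp521 ECDSA keys are offered (error 29206 case)
#   no-ecdsa  - no ECDSA host key was seen at all
nsx_backup_hostkey_status() {
    types=$(offered_key_types)
    if printf '%s\n' "$types" | grep -qx 'ecdsa-sha2-nistp256'; then
        echo ok
    elif printf '%s\n' "$types" | grep -Eqx 'ecdsa-sha2-nistp(384|521)'; then
        echo affected
    else
        echo no-ecdsa
    fi
}

# Constructed sample input (hostname and key blob are placeholders, not real keys).
SAMPLE_SCAN='# sftp.example.test:22 SSH-2.0-OpenSSH_9.6
sftp.example.test ecdsa-sha2-nistp384 AAAAconstructedPlaceholderKey='

printf '%s\n' "$SAMPLE_SCAN" | nsx_backup_hostkey_status

# Against a live server (replace the placeholder hostname):
#   ssh-keyscan -t ecdsa sftp.example.test 2>/dev/null | nsx_backup_hostkey_status
```

Run it before and after the workaround; the result should move from `affected` to `ok` once the SFTP server's SSH service has loaded the new key.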
This issue is also resolved in NSX 9.0.0.
See also: VMware NSX "Backup" to SFTP server fails with FIPS violation.