Unable to configure SFTP Settings in VCF Operations for VCFA or VIDB when using an sftp server with a custom port


Article ID: 415963


Products

VCF Operations/Automation (formerly VMware Aria Suite) VCF Operations

Issue/Introduction

  • After following "Configure SFTP Backup Target in VCF Operations", clicking "Fetch Fingerprint" fails with the UI error "unable to fetch Fingerprint for FQDN - <SFTP FQDN Name >".

  • The SFTP Server is configured to use a custom port.
  • The /var/log/vrlcm/vmware_vrlcm.log on the Fleet Management Appliance contains errors similar to: 

    INFO vrlcm[####] [http-nio-####-exec-4] [c.v.v.l.l.c.CertificateManagementController]  -- Request received to get rsa key from <SFTP_server_FQDN_IP>

    INFO vrlcm[[####]] [http-nio--####--exec-4] [c.v.v.l.l.s.CertificateManagementService]  -- Fetching rsa public key from <SFTP_server_FQDN_IP>

    ERROR vrlcm[[####]] [http-nio--####--exec-4] [c.v.v.l.u.CertificateUtil]  -- ssh-keyscan command failed with exit code: 1

    ERROR vrlcm[[####]] [http-nio--####--exec-4] [c.v.v.l.u.CertificateUtil]  -- Failed to get key from host.

Environment

VCF Operations 9.0

Resolution

This is a known issue that will be resolved in the VCF Operations 9.0.2 release.

In the interim, please use one of the following workarounds:

  1. Option A: Use SFTP on Port 22. If possible, configure your SFTP server to use the standard port 22. This is the simplest temporary solution.

  2. Option B: Configure with SSH Fingerprint (for custom ports). If you must use a custom SFTP port, you can configure the backup settings via an internal API call:

    • Step 1: Obtain SSH Fingerprint. Run the following command on your system to get the ssh-rsa key:
      ssh-keyscan -p <customportnumber> <IPaddressofSFTPserver>

      Note: The ssh-keyscan command with a custom port outputs multiple fingerprints. You only need to enter one of them in the sshFingerprint field of the API request in Step 2; either RSA or ECDSA will be fine.

    • Step 2: Configure Backup via API. Execute the following curl command, replacing the placeholders (<FleetManagementFQDN>, <password>, etc.) with your specific environment details and the output from ssh-keyscan:

      curl --request PUT \
        --url https://<FleetManagementFQDN>/lcm/lcops/api/v2/settings/backup-location \
        --header 'accept: application/json, text/plain, */*' \
        --header "authorization: Basic $(echo -n '<Fleetmgmtusername>:<password>' |base64)" \
        --header 'content-type: application/json;charset=UTF-8' \
        --data '{
        "server": "<sftpserverfqdn>",
        "port": "<customportnumber>",
        "protocol": "SFTP",
        "username": "<sftpusername>",
        "password": "{{password in plain text}}",
        "directoryPath": "/backup",
        "passphrase": "{{password in plain text}}",
        "sshFingerprint": "{{Output of ssh-keyscan custom port command}}"
      }'
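
The Step 1 output can be narrowed to a single entry and checked before it is pasted into the Step 2 request. The following is an added example, not part of the original article or of VMware's tooling: it selects one entry of a chosen key type from ssh-keyscan output and compares it with a public key line obtained out of band from the SFTP server's administrator. The host name, port 2222 and key blobs are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: pick one host key from ssh-keyscan output and confirm it
# matches the key supplied out of band by the SFTP server's administrator.

# Constructed sample of `ssh-keyscan -p 2222 sftp.example.com` output.
# Host name, port and key blobs are placeholders, not real keys.
SAMPLE_SCAN='# sftp.example.com:2222 SSH-2.0-OpenSSH_9.6
[sftp.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCconstructedRSAblob
[sftp.example.com]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYconstructedECDSAblob
[sftp.example.com]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedEDblob'

# pick_host_key TYPE
# Reads ssh-keyscan output on stdin and prints the first entry whose key type
# (second field) equals TYPE, skipping '#' banner lines. For a custom port the
# first field has the form [host]:port.
pick_host_key() {
  awk -v want="$1" '$1 !~ /^#/ && $2 == want { print; exit }'
}

# verify_host_key SCANNED_LINE TRUSTED_PUB
# SCANNED_LINE: one entry from ssh-keyscan ("[host]:port type blob").
# TRUSTED_PUB:  a public key line "type blob [comment]", for example the
#               content of the server's own ssh_host_rsa_key.pub file.
# Succeeds only when both the key type and the key blob are identical.
verify_host_key() (
  scanned_type=$(printf '%s\n' "$1" | awk '{ print $2 }')
  scanned_blob=$(printf '%s\n' "$1" | awk '{ print $3 }')
  trusted_type=$(printf '%s\n' "$2" | awk '{ print $1 }')
  trusted_blob=$(printf '%s\n' "$2" | awk '{ print $2 }')
  [ -n "$scanned_blob" ] &&
    [ "$scanned_type" = "$trusted_type" ] &&
    [ "$scanned_blob" = "$trusted_blob" ]
)

# Typical use against a live server (placeholders as in the article):
#   line=$(ssh-keyscan -p <customportnumber> <IPaddressofSFTPserver> | pick_host_key ssh-rsa)
#   verify_host_key "$line" "$(cat trusted_host_key.pub)" || echo "host key mismatch" >&2
```

A mismatch means the key returned on the network is not the one the server's administrator reported, so it should not be entered in sshFingerprint until the difference is explained.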