SFTP backups configuration fails after 'Username or Password' change in Fleet Manager
search cancel

SFTP backups configuration fails after 'Username or Password' change in Fleet Manager

book

Article ID: 416350

calendar_today

Updated On:

Products

VCF Automation

Issue/Introduction

  1. Once the credentials are changed on the SFTP in Fleet Manager, a synthetic check failure event is observed while saving the setting for SFTP configuration.
  2. We see the same error when we cURL to the SFTP Host from VCFA/VIDB:
    Command:
curl -k https://<sftp-host-ip>:30006/status
    Error message seen in the Output:
platform-vmsp-platform-sftp":{"ok":false,"lastError":"failed to connect to SSH server: ssh: handshake failed: ssh: disconnect, reason 11: Access denied.","timestamp":"2026-06-15T03:00:15Z","duration":"90.861561ms","contiguousFailures":1,"lastTransitionTime":

Environment

VCF Operations 9.0.x

Cause

Old credentials are still stored in VMSP

Resolution

  1. Follow the steps below to update the SFTP credentials in VMSP for the respective product (VCFA or VIDB):
  2. SSH into the VCFA or VIDB node with vmware-system-user account.
  3. Run the following command to switch to the root user:
    sudo -i
  4. View the current Username & Password.
    1. To view the saved 'SFTP Hostname, the Username & the directory', run the command below:
      kubectl get pd vmsp-platform -n vmsp-platform -ojsonpath="{.spec.values.sftp}"
      • Example Output:
        {"directory":"<Directory-Name>", "host": "<SFTP-Hostname>", "port":22, "username": "<UserName>"}
    2. To view the current password, run the command below:
      kubectl get secret sftp-password-secret -n vmsp-platform -o jsonpath='{.data.sftpPassword}' | base64 --decode
  5. Create a /tmp/patch.json file with this content
    	{
  "spec": {
    "values": {
      "sftp": {
        "directory": "/<Directory name as set in SFTP server>/",  <----- From the output in Step-5.1
        "host": "<SFTP-HOST-IP>",
        "port": 22,
        "username": "<SFTP-USERNAME>" <----- New Username
      }
    }
  }
}
  6. Apply the sftp config
    kubectl patch pd vmsp-platform -n vmsp-platform --type=merge --patch-file /tmp/patch.json
  7. Run to update the password
    kubectl create secret generic sftp-password-secret -n vmsp-platform --from-literal='sftpPassword=<password>' --dry-run=client -o yaml | kubectl apply -f -

Additional Information

Note:

In version 9.0, the VI Editor is not available by default. The required packages are not included in the out-of-the-box deployment and must be installed manually. For detailed installation steps, refer to KB Article 424649, which provides instructions for installing the required VIM packages.

Powered by Wolken Software