Unable to set backup server using SSH private key - Error code: 29117


Article ID: 426575


Products

VMware NSX

Issue/Introduction

When reconfiguring NSX backups to use SSH private key authentication to the SFTP server instead of password authentication, the following error is encountered:


Either private key is not valid or public key is not configured on fileserver. (Error code: 29117)

Environment

VMware NSX

Cause

This error occurs because, starting with NSX 4.1, RSA is supported for SSH private key generation, and the private key currently in use is in the OpenSSH format rather than the RSA format.

You see the following line at the beginning of the private key: 
-----BEGIN OPENSSH PRIVATE KEY-----

...instead of the following:
-----BEGIN RSA PRIVATE KEY-----


See the following document for more information: Configure Backups

Resolution

The OpenSSH private key needs to be converted into the RSA private key format to resolve this issue.

Follow these steps to convert your OpenSSH private key to the correct format:

    1. Run this command on your SFTP server: ssh-keygen -p -m PEM -f <location of key>/backup_key
    2. The key will be converted to the legacy PEM (PKCS#1) format.
    3. Open the file backup_key with a text file viewer, and confirm that the key starts with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY-----
    4. Make sure that there are no leading or trailing spaces before or after the key in the file backup_key (for example, before -----BEGIN RSA PRIVATE KEY-----).
    5. Once you have ensured that there are no leading/trailing spaces, copy the contents of the new key to the NSX Manager UI, ensuring that everything is copied, including the header and footer (-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----).
    6. Next, ensure that the correct permissions are set for the files/folders as follows:
      1. The entire .ssh folder must be 700 (drwx------)
        # sudo chmod 700 <path>/.ssh
      2. The authorized_keys file must be 600 (-rw-------)
        # sudo chmod 600 <path>/.ssh/authorized_keys

        Note: The SFTP backup user (used by NSX) must own both.
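
The checks from steps 3 to 6 can be scripted before pasting the key into the NSX Manager UI. The following is an added example, not VMware tooling: the function names are hypothetical, and it assumes GNU coreutils (`stat -c`) on the SFTP server.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 3-6 above. Not VMware tooling.
# Function names are hypothetical; assumes GNU coreutils (stat -c).
RSA_BEGIN='-----BEGIN RSA PRIVATE KEY-----'
RSA_END='-----END RSA PRIVATE KEY-----'
TAB=$(printf '\t')
CR=$(printf '\r')

# check_key_format FILE
# 0 = legacy PEM RSA framing, 1 = still OpenSSH format,
# 2 = stray whitespace or CRLF line endings, 3 = header/footer missing.
check_key_format() {
    ckf_file=$1
    [ -r "$ckf_file" ] || { echo "cannot read $ckf_file" >&2; return 3; }
    ckf_first=$(head -n 1 "$ckf_file")
    ckf_last=$(tail -n 1 "$ckf_file")
    if [ "$ckf_first" = '-----BEGIN OPENSSH PRIVATE KEY-----' ]; then
        echo "OpenSSH format: convert with ssh-keygen -p -m PEM" >&2
        return 1
    fi
    # Step 4: no blanks or tabs at line start, no blanks, tabs or CRs at line end.
    if grep -q -e "^[ $TAB]" -e "[ $TAB$CR]\$" "$ckf_file"; then
        echo "leading or trailing whitespace in $ckf_file" >&2
        return 2
    fi
    if [ "$ckf_first" != "$RSA_BEGIN" ] || [ "$ckf_last" != "$RSA_END" ]; then
        echo "RSA PRIVATE KEY header or footer missing" >&2
        return 3
    fi
    return 0
}

# check_ssh_perms SSH_DIR OWNER
# Step 6: .ssh must be 700, authorized_keys 600, both owned by OWNER.
check_ssh_perms() {
    csp_rc=0
    for csp_spec in "$1:700" "$1/authorized_keys:600"; do
        csp_path=${csp_spec%:*}
        csp_want=${csp_spec##*:}
        if [ ! -e "$csp_path" ]; then
            echo "missing: $csp_path" >&2; csp_rc=1; continue
        fi
        csp_mode=$(stat -c '%a' "$csp_path")
        csp_user=$(stat -c '%U' "$csp_path")
        [ "$csp_mode" = "$csp_want" ] || { echo "$csp_path is $csp_mode, want $csp_want" >&2; csp_rc=1; }
        [ "$csp_user" = "$2" ] || { echo "$csp_path owner is $csp_user, want $2" >&2; csp_rc=1; }
    done
    return $csp_rc
}
```

Both functions report findings on stderr and never print key material, so their output is safe to keep in a change record.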

Additional Information

Additional backup documentation for NSX can be found here: Backing Up and Restoring NSX Manager