Inability to bypass SSH Fingerprint or use RSA keys for NSX SFTP backups

Article ID: 432679

Updated On:

Products

VMware NSX

Issue/Introduction

When configuring an SFTP target for NSX backups, administrators may attempt to bypass the SSH fingerprint validation or use RSA keys instead of the default ECDSA keys for fingerprint authentication.

Environment

VMware NSX 4.x
VMware Cloud Foundation (VCF) 9.0

Cause

By design, NSX requires an ECDSA-based SSH fingerprint to securely configure an SFTP backup target. There is no mechanism or supported script to bypass this security requirement. Additionally, RSA keys are not supported for fingerprint authentication in NSX 4.x releases and in VCF 9.0.

Resolution

Support for RSA-based fingerprint authentication is planned for the VCF 9.1 release. For NSX 4.x and VCF 9.0, an ECDSA host key must be generated on the target SFTP server.

Bypassing the SSH fingerprint validation is unsupported and no configuration workarounds exist.

Additional Information

Ensure the SFTP server is explicitly configured to present an ECDSA host key during the initial SSH handshake from the NSX Manager.
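
The check described above can be scripted before the backup target is configured. The following is an added example, not code from the original article or from VMware: it parses host-key lines in the format printed by `ssh-keyscan`, confirms that an ECDSA host key is offered, and derives its fingerprint. It assumes the fingerprint is wanted in OpenSSH's `SHA256:` form; the host name and key material are constructed sample data.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length, then the bytes.
    return struct.pack(">I", len(data)) + data


def _constructed_line(host: str, key_type: str, *fields: bytes) -> str:
    # Builds a fake "host keytype base64" line; the key bytes are filler.
    blob = b"".join(_ssh_string(f) for f in (key_type.encode(), *fields))
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


# Constructed sample input in ssh-keyscan output format (not real keys).
HOST = "sftp.example.test"
RSA_ONLY_SCAN = _constructed_line(HOST, "ssh-rsa", b"\x01\x00\x01",
                                  b"\x00" + b"\xc3" * 256)
SAMPLE_SCAN = "\n".join([
    "# sftp.example.test:22 SSH-2.0-OpenSSH_9.6",
    RSA_ONLY_SCAN,
    _constructed_line(HOST, "ecdsa-sha2-nistp256", b"nistp256",
                      b"\x04" + b"\x5a" * 64),
])


def ecdsa_fingerprint(scan_output: str):
    """Return (key_type, 'SHA256:...') for the first ECDSA host key, else None."""
    for line in scan_output.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 3:
            continue
        key_type, b64 = parts[1], parts[2]
        if not key_type.startswith("ecdsa-sha2-"):
            continue  # RSA, Ed25519, etc. do not satisfy the requirement
        blob = base64.b64decode(b64, validate=True)
        # The type named on the line must match the type inside the blob.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != key_type.encode():
            raise ValueError("key type does not match key blob")
        digest = hashlib.sha256(blob).digest()
        return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None


if __name__ == "__main__":
    print(ecdsa_fingerprint(SAMPLE_SCAN))      # ECDSA key found
    print(ecdsa_fingerprint(RSA_ONLY_SCAN))    # None: server offers no ECDSA key
```

A `None` result means the server presented no ECDSA host key in the scan, which is the condition the article says NSX 4.x and VCF 9.0 cannot work with.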