When attempting to configure SFTP backups in NSX Manager, the username and password method works, but trying to configure SSH Private Key instead fails with an authentication error:
Use "su" to switch to the backup user and run the command "ls -l .ssh" to list the public key files, private key files, and the file named "authorized_keys". Check that the permissions on those files look correct and ensure that the public key data has been copied from the <name>.pub file into the authorized_keys file. An example of a command that would copy the public key into authorized_keys is "cat .ssh/id_ed25519.pub >> .ssh/authorized_keys".
*This image shows the data of a keyfile that was generated in a support lab for example purposes. It has had a new line added at the end, after the final character in "-----END OPENSSH PRIVATE KEY-----".
If the above data were copied and pasted into the NSX UI without including the blank line at the end, authentication would fail with the error message described in this article.
VMware NSX
Private key data stored on the SFTP server doesn't exactly match what is being used when attempting to configure backups in the NSX Manager UI.
Ensure that the private key data saved on the SFTP server matches the key data that is being pasted into the Private Key field in the Backup Configuration window in the NSX Manager UI. Any difference, including a newline character that is present on the backup server but left out of what is entered in NSX Manager, will cause the authentication to fail.
Suggestions for how to ensure that the private key from the SFTP server matches what is being submitted in NSX Manager:
Use a Plain Text Editor: Paste the key into a plain text editor like Notepad first to ensure no hidden characters are included.
Copy from Plain Text Editor: Copy the key from the plain text editor and paste it into the NSX UI Private Key field.
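A scripted version of that comparison, as an added example that is not part of the original article: it checks a key file for the invisible differences described above and classifies how a saved copy of the pasted text differs from the key on the SFTP server. The function names, file names and sample key text are constructed for illustration.

```shell
#!/bin/sh
# Added example: byte-level checks on key text before it is pasted into NSX Manager.

# key_findings FILE: print one finding per line; no output means nothing was found.
key_findings() {
    f=$1
    # The last byte must be a newline (0a) after the END marker, as the article describes.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ] || echo "no-trailing-newline"
    # Carriage returns appear when the text passed through a CRLF editor.
    cr=$(tr -cd '\r' < "$f" | wc -c | tr -d ' ')
    [ "$cr" -eq 0 ] || echo "carriage-returns"
    # A UTF-8 byte order mark is invisible in most editors.
    bom=$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')
    [ "$bom" != "efbbbf" ] || echo "utf8-bom"
    # Spaces or tabs at the end of a line are easy to pick up from a terminal copy.
    if grep -q '[[:blank:]]$' "$f"; then echo "trailing-blanks"; fi
    return 0
}

# key_paste_compare SERVER_FILE PASTED_FILE: classify how the pasted text differs.
key_paste_compare() {
    if cmp -s "$1" "$2"; then echo "match"; return 0; fi
    # $(...) strips trailing newlines, so equality here means only the end of file differs.
    if [ "$(cat "$1")" = "$(cat "$2")" ]; then echo "trailing-newline-only"; return 0; fi
    echo "content-differs"
}

# Demo on constructed, non-functional key-shaped text (not a real key).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'CONSTRUCTED-SAMPLE-NOT-A-KEY' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/server_key"
    # Simulate a paste that stopped at the final dash, without the newline after it.
    printf '%s' "$(cat "$d/server_key")" > "$d/pasted"
    key_paste_compare "$d/server_key" "$d/pasted"   # trailing-newline-only
    key_findings "$d/pasted"                        # no-trailing-newline
    rm -rf "$d"
}
demo
```

If the pasted text is saved to a file for this check, keep that file readable only by the backup user and delete it afterwards, since it holds private key material.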
For other issues with NSX Backup and Restore operations, refer to Troubleshooting NSX Backup and Restore Failures.
If you are contacting Broadcom support about this issue, please provide the following:
Handling Log Bundles for offline review with Broadcom support