NSX SFTP Backup stops working after upgrade to NSX 6.3.*

October 23, 2017 (Last Modified: November 11, 2022)

I am in a process of upgrading NSX 6.2.4 by a customer in three locations deployed using VVD Deployment Toolkit. The NSX Upgrade itself went really smoothly. However, after the upgrade, we noticed that SFTP backup stopped working with an enigmatic error.

Unable to connect to server FQDN at 22. Either server details are invalid or invalid credentials are presented.( Common algorithms not found. )

After checking credentials and SFTP backup destination server I found that with NSX 6.3.0 SFTP supports following backup ciphers:

Encryption: aes128-cbc, aes128-ctr, aes192-cbc, aes192-ctr, aes256-cbc, aes256-ctr
Message Authentication(mac): hmac-sha2-256
Key Exchanges: diffie-hellman-group-exchange-sha256

https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/rn/releasenotes_nsx_vsphere_630.html

To fix the issue sshd config must be adjusted:

Edit the ssh_config.
sshd_config keywords Cipher and MACs need to be updated with the correct Cipher and MAC algorithms.For example:

Ciphers aes128-cbc,aes128-ctr,aes192-cbc,aes192-ctr,aes256-cbc,aes256-ctr MACs hmac-sha2-256

Once config change is done, restart ssh deamon and backup will start to work again.

With over 16 years in the IT industry, I am a seasoned and innovative IT professional with a track record of success. Drawing from my extensive work experience in large and complex corporate environments, I bring knowledge to help customers and businesses achieve their goals with precision, professionalism, and cost-effectiveness. leading vendor certifications have recognized my expertise from AWS, Alibaba Cloud, Google Cloud, VMware, and Microsoft. I am dedicated to contributing to the IT community, as evidenced by my VMware vExpert awards from 2014-2023, including vExpert Pro 2018-2022, vExpert Cloud Provider 2022, and VMware vExpert NSX 2017 Award.