for all of you using debian 8 who want to use SSH. (Case #00899407)
veeam is not supporting new/actual ciphers so you have to change the default settings of ssh server.
add at this at the end of /etc/ssh/sshd_config and restart ssh service:
That's right. After installing Update 3, only the following entry must be created:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
After that restart SSH-service.
When is fixed there? After each update of Linux, the entry must be re-create!
Linux
• SSH client update. Added support for modern key exchange (KEX) protocols and ciphers into the SSH client. Legacy SSH client has been left for compatibility with storage devices based on older Linux versions, and jobs will automatically failover to a legacy client failing to connect when using a modern protocol and/or cipher
<18> Warning Failed to create SSH connection to host: 'xxxx', port: 22, user: 'root', elevation to root: 'no', autoSudo: no, auth type: 'PublicKey', IPs: [x.x.x.x].. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Warning Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Info Creating Renci SSH connection (unknown protocol)
<18> Warning Failed to create SSH connection to host: 'xxxx', port: 22, user: 'root', elevation to root: 'no', autoSudo: no, auth type: 'PublicKey', IPs: [x.x.x.x].. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Warning Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Info Creating Renci SSH connection (unknown protocol)
<18> Error Invalid private key file. bei Veeam.Backup.SSH.RenciLib.CSshRenciConnectionImpl..ctor(CSshConnectionSpec connSpec)
Should'nt the error message be more fitting than "Invalid private key file." if something goes wrong with authenticating/loggin in?
If the ssh-server can produce a good error message (Apr 20 12:43:33 sshd[4929]: fatal: Unable to negotiate a key exchange method [preauth])
, why can't Veeam?
Although my current workaround was to downgrade back to 14.04LTS. I eventually would like to upgrade to Ubuntu 16.04LTS.
The issue I am facing is adding the latest ubuntu server as a repo. I keep getting an error message stating "An establish connection was aborted by the server" when trying to add it within the veeam console. I've checked several settings and permissions, but have not been able to resolve this. I was originally running 14.04LTS and never had issues. It wasn't until I upgrade to the latest. I am able to establish an SSH connection via putty. I've tried opening up several ports to just verify, but have not had any luck.
Case#: 01802705
That's a known issue and is planned to be fixed in Update 2. You might want to replace Renci.SshNet.dll which is located at Program Files/Veeam/Backup and Replication/Backup folder with a newer one manually. Just copy your old library file somewhere, replace it with a new one and restart Veeam service. looking forward to hear from you how it works.
The issue is still present in VEEAM Backup and Replication 9.5 w/SP2 We have two new Debian 8 machines that are showing this error when trying to configure the backups:
Warning Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
If there is a fix, I would like to know about it. These servers will be running our main ERP system for our company, and I need to get a backup schedule in place ASAP.
nlaurino wrote:The issue is still present in VEEAM Backup and Replication 9.5 w/SP2 We have two new Debian 8 machines that are showing this error when trying to configure the backups:
Warning Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
This is a different issue then, as we do support this cipher in 9.5U2. Indeed, just as the error says, the legacy Granados SSH client still does not support diffie-hellman-group1-sha1 - which is why we automatically failover to using Renci SSH client that does support one (Granados SSH client was left in the product as the first option for compatibility with really old Linux systems). So, whatever issue you're experiencing is not the same that started the thread (lack of support for modern ciphers).
I've managed to test ssh connection with Debian 8 and VBR U2 and it works without any issues - adding linux host into console works, backup jobs work, guest processing works. It seems that there might be some misconfiguration on the ssh server side (Debian), because the error message clearly states that it's the server does not support diffie-hellman-group1-sha1. Have you tried to add these lines into the /etc/ssh/sshd_config file: