Availability for the Always-On Enterprise
dahuafschmied
Service Provider
Posts: 9
Liked: 4 times
Joined: Dec 22, 2013 6:04 am
Full Name: Markus Flattinger
Contact:

Linux Debian 8 - SSH Connection

Post by dahuafschmied » Jul 19, 2015 7:39 am 3 people like this post

good moring,

for all of you using debian 8 who want to use SSH. (Case #00899407)
veeam is not supporting new/actual ciphers so you have to change the default settings of ssh server.

add at this at the end of /etc/ssh/sshd_config and restart ssh service:

Code: Select all

Ciphers 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,arcfour128,arcfour256,aes128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

Vitaliy S.
Veeam Software
Posts: 21536
Liked: 1281 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Linux Debian 8 - SSH Connection

Post by Vitaliy S. » Jul 19, 2015 8:28 pm

Thanks for sharing this with the community! Much appreciated.

dahuafschmied
Service Provider
Posts: 9
Liked: 4 times
Joined: Dec 22, 2013 6:04 am
Full Name: Markus Flattinger
Contact:

Re: Linux Debian 8 - SSH Connection

Post by dahuafschmied » Nov 18, 2015 12:41 pm 1 person likes this post

now with update 3 you can delete the Chipers line. its fixed.
but the Key Exchange is still stuck in the 90s. ;-)

edv@rubner.com
Influencer
Posts: 16
Liked: 5 times
Joined: Jun 26, 2015 1:35 pm
Full Name: Rubner EDV
Contact:

Re: Linux Debian 8 - SSH Connection

Post by edv@rubner.com » Nov 26, 2015 1:44 pm

Hi,

Thanks dahuafschmied.

That's right. After installing Update 3, only the following entry must be created:
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

After that restart SSH-service.

When is fixed there? After each update of Linux, the entry must be re-create!

Thanks
Michael

dahuafschmied
Service Provider
Posts: 9
Liked: 4 times
Joined: Dec 22, 2013 6:04 am
Full Name: Markus Flattinger
Contact:

Re: Linux Debian 8 - SSH Connection

Post by dahuafschmied » Feb 01, 2016 7:18 pm

From the V9 whats new:
Linux
• SSH client update. Added support for modern key exchange (KEX) protocols and ciphers into the SSH client. Legacy SSH client has been left for compatibility with storage devices based on older Linux versions, and jobs will automatically failover to a legacy client failing to connect when using a modern protocol and/or cipher
just tested it on a fresh debian v8:

Code: Select all

<18> Warning  Failed to create SSH connection to host: 'xxxx', port: 22, user: 'root', elevation to root: 'no', autoSudo: no, auth type: 'PublicKey', IPs: [x.x.x.x].. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Warning  Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Info     Creating Renci SSH connection (unknown protocol)
:evil: :?:

dahuafschmied
Service Provider
Posts: 9
Liked: 4 times
Joined: Dec 22, 2013 6:04 am
Full Name: Markus Flattinger
Contact:

Re: Linux Debian 8 - SSH Connection

Post by dahuafschmied » Feb 02, 2016 11:24 am

after adding the KexAlgorithms in ssh config it works again. but with Granados SSH.

it seems the Renci SSH has a problem reading the key file stored in veeam config.
perhaps this helps:
http://www.jokecamp.com/blog/connecting ... g-ssh-net/


forgot a line in log file: :-)

Code: Select all

<18> Warning  Failed to create SSH connection to host: 'xxxx', port: 22, user: 'root', elevation to root: 'no', autoSudo: no, auth type: 'PublicKey', IPs: [x.x.x.x].. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Warning  Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange
<18> Info     Creating Renci SSH connection (unknown protocol)
<18> Error    Invalid private key file.   bei Veeam.Backup.SSH.RenciLib.CSshRenciConnectionImpl..ctor(CSshConnectionSpec connSpec)

lp@albersdruck.de
Enthusiast
Posts: 81
Liked: 32 times
Joined: Mar 25, 2013 7:37 pm
Full Name: Lars Pisanec
Contact:

Re: Linux Debian 8 - SSH Connection

Post by lp@albersdruck.de » Apr 20, 2016 1:01 pm

Concerning this:

Should'nt the error message be more fitting than "Invalid private key file." if something goes wrong with authenticating/loggin in?
If the ssh-server can produce a good error message (Apr 20 12:43:33 sshd[4929]: fatal: Unable to negotiate a key exchange method [preauth])
, why can't Veeam?

Kind regards,
Lars

jgard
Novice
Posts: 3
Liked: 1 time
Joined: May 24, 2016 7:21 pm
Contact:

[MERGED]: Adding Ubuntu Server 16.04LTS as Repo

Post by jgard » May 24, 2016 7:37 pm

Although my current workaround was to downgrade back to 14.04LTS. I eventually would like to upgrade to Ubuntu 16.04LTS.

The issue I am facing is adding the latest ubuntu server as a repo. I keep getting an error message stating "An establish connection was aborted by the server" when trying to add it within the veeam console. I've checked several settings and permissions, but have not been able to resolve this. I was originally running 14.04LTS and never had issues. It wasn't until I upgrade to the latest. I am able to establish an SSH connection via putty. I've tried opening up several ports to just verify, but have not had any luck.
Case#: 01802705

Any recommendations?

Image

PTide
Veeam Software
Posts: 4311
Liked: 355 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Linux Debian 8 - SSH Connection

Post by PTide » May 25, 2016 1:54 pm 1 person likes this post

Hi,

That's a known issue and is planned to be fixed in Update 2. You might want to replace Renci.SshNet.dll which is located at Program Files/Veeam/Backup and Replication/Backup folder with a newer one manually. Just copy your old library file somewhere, replace it with a new one and restart Veeam service. looking forward to hear from you how it works.

Thanks

jgard
Novice
Posts: 3
Liked: 1 time
Joined: May 24, 2016 7:21 pm
Contact:

Re: Linux Debian 8 - SSH Connection

Post by jgard » May 25, 2016 7:37 pm

Where would I get a new "Renci.SshNet.dll"? Will it automatically recreate it when I remove it from the directory?

dellock6
Veeam Software
Posts: 5487
Liked: 1510 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Linux Debian 8 - SSH Connection

Post by dellock6 » May 25, 2016 9:04 pm

The link that Pavel posted before is to the new dll, let me copy it here again:
https://sshnet.codeplex.com/downloads/get/944155
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com/en/
vExpert 2011-2012-2013-2014-2015-2016-2017-2018
Veeam VMCE #1

jgard
Novice
Posts: 3
Liked: 1 time
Joined: May 24, 2016 7:21 pm
Contact:

Re: Linux Debian 8 - SSH Connection

Post by jgard » May 25, 2016 10:48 pm 1 person likes this post

Whoops. I missed the first link.

It's working!! Thank you guys. This has been driving me crazy.

captainflannel
Enthusiast
Posts: 31
Liked: 5 times
Joined: Feb 27, 2012 8:53 pm
Contact:

Re: Linux Debian 8 - SSH Connection

Post by captainflannel » Aug 25, 2016 3:28 pm

Anyone have a chance to see if v9 update2 resolves the need to make the changes for MACs and Ciphers in SSHD_CONFIG ?

v.Eremin
Veeam Software
Posts: 15140
Liked: 1141 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Linux Debian 8 - SSH Connection

Post by v.Eremin » Aug 26, 2016 9:36 am

The issue is fixed in 9.5. For now, please stick to the hot fix mentioned by Pavel. Thanks.

nlaurino
Novice
Posts: 8
Liked: never
Joined: Jun 28, 2013 2:46 pm
Full Name: Nick Laurino
Contact:

Re: Linux Debian 8 - SSH Connection

Post by nlaurino » Oct 09, 2017 2:21 pm

The issue is still present in VEEAM Backup and Replication 9.5 w/SP2 We have two new Debian 8 machines that are showing this error when trying to configure the backups:

Warning Failed to create Granados SSH connection, switch to Renci SSH. Server does not support diffie-hellman-group1-sha1 for keyexchange

If there is a fix, I would like to know about it. These servers will be running our main ERP system for our company, and I need to get a backup schedule in place ASAP.

Thanks for any help.
Nick Laurino

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 25 guests