Comprehensive data protection for all workloads
Post Reply
thomas.gerhard
Lurker
Posts: 2
Liked: never
Joined: Sep 04, 2018 1:58 pm
Full Name: Thomas Gerhard
Contact:

Problem with linux guest file retore SuSE SLES 12

Post by thomas.gerhard »

Situation:
Server: Hyper-V Windows 2016
VM: SuSE SLES 12, servicepack 3
Veeam: Backup & Replication 9.5 Update 3a

Problem:
Restore of guest files (Linux or other) is not working. The FLR appliance is starting, can copy the agent to the linux's /tmp folder, but can not start the agent. The restore process is canceled after a timeout (see veeam logfiles on your ftp server). The linux log /var/log/messages contains the message "Unable to negotiate with 172.22.81.11 [the veeam server] port 53341: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1." (see linux-messages on your ftp server, e.g. 2018-09-04T09:32:47).

Reason:
SuSE SLES 12 SP3 no longer supports the exchange method diffie-hellman-group1-sha1 by default due to of security issues with this method.

Fix:
After adding the line "KexAlgorithms +diffie-hellman-group1-sha1" in the linux's /etc/ssh/sshd_config and restarting the ssh deamon, the restore is working fine. The downside of this fix is, that the security of the linux system is weakened. We would highly appreciate, if Veeam would use a newer method for the ssh authentication in future releases.

Support-Ticket ID: 03176271
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by PTide »

Hi,

Veeam already supports diffie-hellman-group-exchange-sha256, I'm not really sure why it failed to negotiate in this particular case. It should have retried to establish the connection using the proper protocol. On the other hand it might be related to Renci ssh library using sftp for file transfers. Please check this fix first.

If that does not help then please escalate the support case so they will take a closer look at the problem.

Thanks
thomas.gerhard
Lurker
Posts: 2
Liked: never
Joined: Sep 04, 2018 1:58 pm
Full Name: Thomas Gerhard
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by thomas.gerhard »

With SLES 12 SP3 this fix is already implemented as default in the sshd_config. Unfortunately diffie-hellman-group-exchange-sha256 is still not working. The support case is now escalated.
restore-helper
Influencer
Posts: 24
Liked: 3 times
Joined: Oct 11, 2018 7:38 am
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by restore-helper »

Have the same problem.
Any resolution why diffie-hellman-group-exchange-sha256 is not working.

Thanks
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by PTide »

Hi and welcome to the forums!

If none of the solutions and workarounds mentioned above worked for you, then please open a support case and post your case ID in this thread.

Thanks!
cdeibert
Lurker
Posts: 1
Liked: never
Joined: Nov 13, 2018 11:18 am
Full Name: Carsten Deibert
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by cdeibert »

Hi, any news on this topic? Have the exact same problem, thanks.
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by PTide »

Hi,

The diffie-hellman-group-exchange-sha256 is already implemented in VBR, so it should work. If the proposed fix from Novell didn't work, then please contact our support team directly and post your case ID.

Thanks!
Post Reply

Who is online

Users browsing this forum: Google [Bot], MTIK and 148 guests