Comprehensive data protection for all workloads
Post Reply
thomas.gerhard
Lurker
Posts: 2
Liked: never
Joined: Sep 04, 2018 1:58 pm
Full Name: Thomas Gerhard
Contact:

Problem with linux guest file retore SuSE SLES 12

Post by thomas.gerhard » Sep 04, 2018 2:02 pm

Situation:
Server: Hyper-V Windows 2016
VM: SuSE SLES 12, servicepack 3
Veeam: Backup & Replication 9.5 Update 3a

Problem:
Restore of guest files (Linux or other) is not working. The FLR appliance is starting, can copy the agent to the linux's /tmp folder, but can not start the agent. The restore process is canceled after a timeout (see veeam logfiles on your ftp server). The linux log /var/log/messages contains the message "Unable to negotiate with 172.22.81.11 [the veeam server] port 53341: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1." (see linux-messages on your ftp server, e.g. 2018-09-04T09:32:47).

Reason:
SuSE SLES 12 SP3 no longer supports the exchange method diffie-hellman-group1-sha1 by default due to of security issues with this method.

Fix:
After adding the line "KexAlgorithms +diffie-hellman-group1-sha1" in the linux's /etc/ssh/sshd_config and restarting the ssh deamon, the restore is working fine. The downside of this fix is, that the security of the linux system is weakened. We would highly appreciate, if Veeam would use a newer method for the ssh authentication in future releases.

Support-Ticket ID: 03176271

P.Tide
Product Manager
Posts: 5010
Liked: 429 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by P.Tide » Sep 05, 2018 12:07 pm

Hi,

Veeam already supports diffie-hellman-group-exchange-sha256, I'm not really sure why it failed to negotiate in this particular case. It should have retried to establish the connection using the proper protocol. On the other hand it might be related to Renci ssh library using sftp for file transfers. Please check this fix first.

If that does not help then please escalate the support case so they will take a closer look at the problem.

Thanks

thomas.gerhard
Lurker
Posts: 2
Liked: never
Joined: Sep 04, 2018 1:58 pm
Full Name: Thomas Gerhard
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by thomas.gerhard » Sep 10, 2018 7:12 am

With SLES 12 SP3 this fix is already implemented as default in the sshd_config. Unfortunately diffie-hellman-group-exchange-sha256 is still not working. The support case is now escalated.

restore-helper
Lurker
Posts: 1
Liked: never
Joined: Oct 11, 2018 7:38 am
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by restore-helper » Oct 12, 2018 7:34 pm

Have the same problem.
Any resolution why diffie-hellman-group-exchange-sha256 is not working.

Thanks

P.Tide
Product Manager
Posts: 5010
Liked: 429 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by P.Tide » Oct 13, 2018 4:54 pm

Hi and welcome to the forums!

If none of the solutions and workarounds mentioned above worked for you, then please open a support case and post your case ID in this thread.

Thanks!

cdeibert
Lurker
Posts: 1
Liked: never
Joined: Nov 13, 2018 11:18 am
Full Name: Carsten Deibert
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by cdeibert » Nov 13, 2018 11:20 am

Hi, any news on this topic? Have the exact same problem, thanks.

P.Tide
Product Manager
Posts: 5010
Liked: 429 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: Problem with linux guest file retore SuSE SLES 12

Post by P.Tide » Nov 13, 2018 12:00 pm

Hi,

The diffie-hellman-group-exchange-sha256 is already implemented in VBR, so it should work. If the proposed fix from Novell didn't work, then please contact our support team directly and post your case ID.

Thanks!

Post Reply

Who is online

Users browsing this forum: Baidu [Spider], opg70, shakhdan, trondkri and 45 guests