Problem with linux guest file retore SuSE SLES 12

thomas.gerhard · Sep 04, 2018 2:02 pm

Situation:
Server: Hyper-V Windows 2016
VM: SuSE SLES 12, servicepack 3
Veeam: Backup & Replication 9.5 Update 3a

Problem:
Restore of guest files (Linux or other) is not working. The FLR appliance is starting, can copy the agent to the linux's /tmp folder, but can not start the agent. The restore process is canceled after a timeout (see veeam logfiles on your ftp server). The linux log /var/log/messages contains the message "Unable to negotiate with 172.22.81.11 [the veeam server] port 53341: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1." (see linux-messages on your ftp server, e.g. 2018-09-04T09:32:47).

Reason:
SuSE SLES 12 SP3 no longer supports the exchange method diffie-hellman-group1-sha1 by default due to of security issues with this method.

Fix:
After adding the line "KexAlgorithms +diffie-hellman-group1-sha1" in the linux's /etc/ssh/sshd_config and restarting the ssh deamon, the restore is working fine. The downside of this fix is, that the security of the linux system is weakened. We would highly appreciate, if Veeam would use a newer method for the ssh authentication in future releases.

Support-Ticket ID: 03176271

Post by **PTide** » Sep 05, 2018 12:07 pm this post

Hi,

Veeam already supports diffie-hellman-group-exchange-sha256, I'm not really sure why it failed to negotiate in this particular case. It should have retried to establish the connection using the proper protocol. On the other hand it might be related to Renci ssh library using sftp for file transfers. Please check this fix first.

If that does not help then please escalate the support case so they will take a closer look at the problem.

Thanks

thomas.gerhard · Sep 10, 2018 7:12 am

With SLES 12 SP3 this fix is already implemented as default in the sshd_config. Unfortunately diffie-hellman-group-exchange-sha256 is still not working. The support case is now escalated.

restore-helper · Oct 12, 2018 7:34 pm

Have the same problem.
Any resolution why diffie-hellman-group-exchange-sha256 is not working.

Thanks

Post by **PTide** » Oct 13, 2018 4:54 pm this post

Hi and welcome to the forums!

If none of the solutions and workarounds mentioned above worked for you, then please open a support case and post your case ID in this thread.

Thanks!

cdeibert · Post by **cdeibert** » Nov 13, 2018 11:20 am this post

Hi, any news on this topic? Have the exact same problem, thanks.

Post by **PTide** » Nov 13, 2018 12:00 pm this post

Hi,

The diffie-hellman-group-exchange-sha256 is already implemented in VBR, so it should work. If the proposed fix from Novell didn't work, then please contact our support team directly and post your case ID.

Thanks!

R&D Forums

Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Re: Problem with linux guest file retore SuSE SLES 12

Who is online