Thought I'd warn you guys. I had a customer who uses a Windows Server with an SFTP daemon via Cygwin.
Whilst other VMware products were fine to back up to it – HCX refused and threw a generic error that either the backup host is not reachable or the credentials are simply wrong.
After a few tests I confirmed that the SFTP server does work; in fact, I was even able to SFTP to it from the HCX Manager's CLI.
Just when configuring the backup via the UI – it was not possible.
The HCX logs simply show the same error as the UI – so there wasn't much to troubleshoot there. But when you check the SFTP logs from the backup server, you get a BIT more.
Some random 3rd party standalone SFTP server that I tried merely threw the following error:
09:23:32.408 Info SSH: Session 5: No common key exchange algorithms.
I then used Cygwin myself with debug logging and got a bit more out of it:
Jul 12 09:46:01 jump sshd: PID 820: Unable to negotiate with 172.16.0.16 port 55764: no matching key exchange method found. Thei-group1-sha1 [preauth]
So it seems that HCX itself uses an old cipher when connecting to SFTP when using the UI.
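The sshd line above is what separates a negotiation failure from the generic "not reachable or wrong credentials" error. As an added example (not part of the original post), this Python script scans sshd log lines in OpenSSH's standard "Unable to negotiate" format and flags peers that offered only SHA-1 key exchange methods; the sample lines, addresses and the LEGACY_KEX list are constructed assumptions.

```python
import re

# Assumption for this example: SHA-1 based key exchange methods treated as legacy.
LEGACY_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1",
}

# OpenSSH server message for a failed algorithm negotiation (any algorithm kind).
PATTERN = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port \d+: "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)


def summarize_negotiation_failures(lines):
    """Group negotiation failures by client address and collect what each offered."""
    peers = {}
    for line in lines:
        m = PATTERN.search(line)
        if m is None:
            continue  # successful logins and unrelated messages are ignored
        entry = peers.setdefault(
            m["peer"], {"failures": 0, "kinds": set(), "offered": set()}
        )
        entry["failures"] += 1
        entry["kinds"].add(m["kind"])
        entry["offered"].update(m["offer"].split(","))
    for entry in peers.values():
        # True when every failure was a key exchange mismatch and the client
        # offered nothing outside the legacy set: the client side needs updating.
        kex_only = entry["kinds"] == {"key exchange method"}
        entry["legacy_only_kex"] = kex_only and entry["offered"] <= LEGACY_KEX
    return peers


# Constructed sample log lines (documentation addresses, not from the post).
SAMPLE_LOG = [
    "Jan 01 10:00:01 host sshd: PID 101: Unable to negotiate with 192.0.2.10 port 50001: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Jan 01 10:00:09 host sshd: PID 102: Accepted password for backup from 192.0.2.20 port 50002 ssh2",
    "Jan 01 10:00:15 host sshd: PID 103: Unable to negotiate with 192.0.2.10 port 50003: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]",
    "Jan 01 10:01:00 host sshd: PID 104: Unable to negotiate with 192.0.2.30 port 50004: no matching cipher found. Their offer: aes128-cbc,3des-cbc [preauth]",
]

if __name__ == "__main__":
    for peer, info in sorted(summarize_negotiation_failures(SAMPLE_LOG).items()):
        print(peer, info["failures"], sorted(info["offered"]), info["legacy_only_kex"])
```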
I have opened an internal ticket with our guys here at VMware and they confirmed that the issue is indeed only with Windows servers running SFTP but unfortunately there isn’t a quick fix available right now.
There is a bug report for it – so support might get added in a future version, but for now, if SFTP is a requirement – use a Linux server or revert to the more insecure protocol – FTP. … well, or manual backups of course.