Avamar: SSH to Data Domain from Avamar Server fails with ssh_exchange_identification error
Zusammenfassung: SSH to Data Domain fails due to adminaccess access list.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Symptome
Admin access limits that are set on the Data Domain that do not include Avamar's IP address. This causes access issues and can result in the Data Domain appearing unresponsive in the Avamar Administrator UI.
SSH to the Data Domain from Avamar fails (using any account such as sysadmin or ddboost):
The connectivity test from Avamar to port 22 on the Data Domain shows no issues:
SSH to the Data Domain from Avamar fails (using any account such as sysadmin or ddboost):
admin@test-avamar:~/#: ssh ddboostuser@dd-hostname-removed ssh_exchange_identification: read: Connection reset by peer Or admin@test-avamar:~/#: ssh ddboostuser@dd-hostname-removed ssh_exchange_identification: Connection closed by remote host
The connectivity test from Avamar to port 22 on the Data Domain shows no issues:
telnet dd-hostname-removed 22 Trying 10.10.10.23... Connected to dd-hostname-removed. Escape character is '^]'. ^] telnet> q Connection closed.Log in to the Data Domain using SSH works without any issues from other machines. The ssh login fails only from Avamar Server.
Ursache
Data Domain systems contain an adminaccess access list that can restrict certain protocols based on IP address or hostname. If these restrictions are in place only IP addresses/hostname list within the Allowed Hosts field can connect to the Data Domain using those protocols.
Example 1:
Example 1:
adminaccess show Service Enabled Allowed Hosts ------- ------- ------------- ssh yes 10.0.0.1 scp yes (same as ssh) telnet no 10.0.0.1 ftp no 10.0.0.1 ftps yes 10.0.0.1 http yes - https yes - ------- ------- -------------
In the above output, SSH is restricted to allow only the IP address 10.0.0.1.
Example 2:
adminaccess show Service Enabled Allowed Hosts ----------- ------- --------------------------- ssh yes testbox1.corp.dell.local testbox2.corp.dell.local testbox3.corp.dell.local scp no (same as ssh) ... web-service yes N/A ----------- ------- ---------------------------
In the above output, ssh access is limited to 3 hosts: testbox1, testbox2, testbox3
Example 3:
adminaccess show Service Enabled Allowed Hosts ------- ------- -------------- ssh yes -
The above output shows a configuration without any access list (any host can log in to the Data Domain using ssh).
Lösung
Admin access must be configured to include Avamar's IP address or hostname into the allowed hosts.
Log in to the Data Domain as an admin account.
The admin access can be reset back to default using the following command:
Log in to the Data Domain as an admin account.
The admin access can be reset back to default using the following command:
adminaccess reset sshThe above command resets the adminaccess ssh rules and allows ssh connections from any host.
adminaccess show Service Enabled Allowed Hosts ------- ------- ------------- ssh yes - scp yes (same as ssh) telnet no 10.0.0.1 ftp no 10.0.0.1 ftps yes 10.0.0.1 http yes - https yes - ------- ------- -------------If the SSH access cannot be reset, allow explicit SSH access from the Avamar with the following command:
adminaccess ssh add <Avamar IP Address or FQDN>Confirm that the admin access list has been updated correctly.
adminaccess show Service Enabled Allowed Hosts ------- ------- --------------------------- ssh yes 10.0.0.1 avamar.dell.com scp yes (same as ssh) telnet no 10.0.0.1 ftp yes 10.0.0.1 ftps no - http yes - https yes - ------- ------- ---------------------------
Alternatively, these steps can be performed using Data Domain web UI as well.
If the issue is still not resolved, check the resolution path article Troubleshooting Data Domain Integration Reporting Errors in the Avamar Administrator UI (Resolution Path).
If the issue is still not resolved, check the resolution path article Troubleshooting Data Domain Integration Reporting Errors in the Avamar Administrator UI (Resolution Path).
Betroffene Produkte
AvamarProdukte
Avamar, Avamar Server, Data DomainArtikeleigenschaften
Artikelnummer: 000041010
Artikeltyp: Solution
Zuletzt geändert: 08 Juli 2024
Version: 4
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.