Data Protection Advisor: Data Domain SSH requests fail

Zusammenfassung: All Data Protection Advisor (DPA) Data Domain SSH requests for one Data Domain fail with error "Unable to exchange encryption keys."

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Symptome

All DPA Data Domain SSH requests for one Data Domain fail with error "Unable to exchange encryption keys."

The following warning message is seen in dpaagent.log for the Agent that is used to collect from this Data Domain:

WARN    14276.10356    20200103:164719              com.ssh - aapiSSHInitSession(): Error starting ssh session for host <DD_hostname_or_IP>. -5: Unable to exchange encryption keys

Ursache

SSH ciphers or macs in use by the DPA Agent do not match the SSH ciphers or macs on the Data Domain that DPA is attempting to collect from.

Lösung

In order to successfully communicate using SSH, both devices must use the same cipher or mac set. If a common cipher or mac set cannot be found between the two devices, then the SSH connection fails. The cipher or mac set must be updated on either or both of the devices attempting to communicate to resolve this issue.

Follow the below steps:

  1. Run the below command on the Data Domain.
adminaccess ssh option show

Its output looks like this:
 
Option            Value                                                                                                                                                                                       
---------------   -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
session-timeout   default (infinite)                                                                                                                                                                          
server-port       default (22)                                                                                                                                                                                
ciphers           aes256-cbc,chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com                                                                                                      
macs              umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
---------------   -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  1. For the ciphers in that output, confirm if they contain any of the below ones. 
aes256-cbc, rijndael-cbc@lysator.liu.se, aes192-cbc, aes128-cbc, arcfour128, arcfour,3des-cbc 

If not, run the below command on the Data Domain:
 

adminaccess ssh option set ciphers 'aes256-cbc,<existing_ciphers_on_DD>'

  1. For the macs in that output, confirm if they contain any of the below ones. 
hmac-sha2-256, hmac-sha2-512, hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96

If not, run the below command on the Data Domain. 

adminaccess ssh option set macs'hmac-sha2-256,hmac-sha2-512,<existing_macs_on_DD>'

 

Contact Dell Technologies Technical Support for further details or information.

Betroffene Produkte

Data Protection Advisor
Artikeleigenschaften
Artikelnummer: 000072088
Artikeltyp: Solution
Zuletzt geändert: 18 Apr. 2026
Version:  7
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.