NVE: Unable to start SSH service on NVE due to kexalgorithms in sshd_config
Summary: The NetWorker Virtual Edition (NVE) appliance is not accessible over SSH. The NVE is otherwise up and running with no impact to data protection operations.
Symptoms
The NetWorker solution is configured with the NetWorker Virtual Edition (NVE) Appliance, but the appliance is not accessible over SSH. The NVE administrator management portals are still accessible (NetWorker Management Console, NetWorker Web User Interface, and NetWorker Installation Manager), and backup and restore functionality is also working successfully. The NVE operating system shell is accessible using a vSphere Web Client remote console.
The SSH service is not running and reports the following:
nve:~ # systemctl start sshd.service
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
nve:~ # systemctl status sshd.service
● sshd.service - OpenSSH Daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Tue 2021-04-27 15:43:49 EDT; 17s ago
Process: 6576 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0/SUCCESS)
Process: 12164 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=255)
Process: 12161 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
Main PID: 6576 (code=exited, status=0/SUCCESS)
Tasks: 6
CGroup: /system.slice/sshd.service
├─11434 sshd: admin@pts/0
├─11438 -bash
├─11939 sudo su
├─11942 su
├─11943 bash
└─12169 systemctl status sshd.service
Apr 27 15:43:48 nve systemd[1]: Failed to start OpenSSH Daemon.
Apr 27 15:43:48 nve systemd[1]: sshd.service: Unit entered failed state.
Apr 27 15:43:48 nve systemd[1]: sshd.service: Failed with result 'exit-code'.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Service RestartSec=100ms expired, scheduling restart.
Apr 27 15:43:49 nve systemd[1]: Stopped OpenSSH Daemon.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Start request repeated too quickly.
Apr 27 15:43:49 nve systemd[1]: Failed to start OpenSSH Daemon.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Unit entered failed state.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Failed with result 'start-limit'.
The /var/log/messages file states that there is an issue in the sshd_config file:
nve:~ # tail -n 30 /var/log/messages | grep ssh
Apr 27 15:43:48 nve systemd[1]: sshd.service: Service RestartSec=100ms expired, scheduling restart.
Apr 27 15:43:48 nve sshd-gen-keys-start[12161]: Checking for missing server keys in /etc/ssh
Apr 27 15:43:48 nve ssh-keygen[12162]: OWB:ERROR:BSAFELIB:func(112):reason(113):b_dsa.c:112
Apr 27 15:43:48 nve sshd-gen-keys-start[12161]: ssh-keygen: generating new host keys: DSA key_generate failed: error in libcrypto
Apr 27 15:43:48 nve sshd[12164]: /etc/ssh/sshd_config line 171: Directive 'kexalgorithms' is not allowed within a Match block
Apr 27 15:43:48 nve systemd[1]: sshd.service: Control process exited, code=exited status=255
Apr 27 15:43:48 nve systemd[1]: sshd.service: Unit entered failed state.
Apr 27 15:43:48 nve systemd[1]: sshd.service: Failed with result 'exit-code'.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Service RestartSec=100ms expired, scheduling restart.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Start request repeated too quickly.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Unit entered failed state.
Apr 27 15:43:49 nve systemd[1]: sshd.service: Failed with result 'start-limit'.
Cause
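The NVE /etc/ssh/sshd_config file contains a kexalgorithms entry, which was not removed during a previous NVE upgrade. The entry follows a Match block, so sshd reads it as part of that block, where the kexalgorithms directive is not allowed. The configuration test (sshd -t) that runs before the service starts therefore exits with status 255.
nve:~ # cat /etc/ssh/sshd_config | grep -B2 kexalgorithms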
Match Address ::1,127.0.0.1,127.0.0.1,127.0.0.2,::1,10.0.0.3,fe80::250:56ff:febb:58e7
PermitRootLogin yes
kexalgorithms diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org
Resolution
Remove the kexalgorithms entry from the /etc/ssh/sshd_config file.
- From the vSphere Web Client, open a remote console session to the NVE.
- Authenticate to the NVE with the root user.
- Open the SSH configuration file with a text editor:
vi /etc/ssh/sshd_config
- Remove or comment out the kexalgorithms line.
- Save the changes to the /etc/ssh/sshd_config file.
- Start SSH service:
systemctl start sshd.service
- Validate that SSH has started and does not report an error in the messages log:
tail -n 100 /var/log/messages | grep ssh
- Access the NVE over SSH.
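A Match block in sshd_config runs until the next Match line or the end of the file, so a directive appended to the end of the file becomes part of the last block. The following is an added example, not part of the original article or Dell's tooling, that lists the line numbers where a given directive sits inside a Match block; the function names find_in_match and write_sample and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example: locate a directive that sits inside a Match block of an
# sshd_config-style file. Function names and sample data are constructed.

# find_in_match FILE DIRECTIVE
# Prints "LINE: text" for every occurrence of DIRECTIVE found after a Match line.
find_in_match() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); in_match = 0 }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # keywords may be indented
            split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            kw = tolower(f[1])                   # keywords are case-insensitive
            if (kw == "match") { in_match = 1; next }
            if (in_match && kw == want) printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# write_sample FILE
# Writes a constructed config with the same layout as the one in this article:
# a global KexAlgorithms line (allowed) and one trailing a Match block (rejected).
write_sample() {
    cat > "$1" <<'EOF'
# Constructed sample, not the appliance's real file
Port 22
KexAlgorithms curve25519-sha256@libssh.org
Match Address ::1,127.0.0.1
    PermitRootLogin yes
kexalgorithms diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org
EOF
}

# Demo on the constructed sample; only line 6 is reported, not the global line 3.
sample=$(mktemp)
write_sample "$sample"
find_in_match "$sample" KexAlgorithms
rm -f "$sample"
```

On the appliance the function would be pointed at /etc/ssh/sshd_config. The authoritative check remains `sshd -t`, the ExecStartPre step that exited with status 255 in the output above.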