Avamar: Data Domain Integration: Adding a Data Domain to Avamar fails (Failed to authenticate with ssh key file)

Summary: When adding a Data Domain to an Avamar configuration, the Avamar Management Console Server (MCS) must enable a secure connection with the DD Secure Shell (DDSSH) interface. If issues occur, attempting to add a Data Domain fails. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Unable to add a Data Domain (DD) to Avamar.

When attempting to add a Data Domain to Avamar a failure occurs, and the Avamar is unable to add the public key file to the DD.

Error reported: 

The ssh key failed. Verify there is not a duplicate ssh key for the user. The ssh key is used to allow password-less CLI interface with the Data Domain system.

Cause

When adding a Data Domain to an Avamar environment, the system automatically creates and exchanges the public and private keys that the Avamar Management Console Server (MCS) requires to enable a secure connection with the Data Domain Secure Shell (DDSSH) interface.

In some circumstances (such as editing the DDBoost user account that Avamar uses to connect to the Data Domain) the SSH key may fail. If this occurs, the key must be re-created and readded on the Data Domain.

Resolution

To generate an SSH public and private key pair and send the public key to the Data Domain:

1. Log in to the Avamar Utility Node as admin.

2. Check to see if the ssh keys allow login to the Data Domain:  See How To Access a Data Domain System from an Avamar Server for more information about logging into a Data Domain using ssh keys.

If the ssh key allows login without a password, stop following this article. 

3. Run the mcddrsetup_sshkey script to re-create the ssh keys.

Example:

mcddrsetup_sshkey
INFO: Setting up DD ssh key pair....
INFO: Generating DD ssh key pair....
Generating public/private rsa key pair.
Your identification has been saved in ddr_key.
Your public key has been saved in ddr_key.pub.
The key fingerprint is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX admin@avamar.company.com
The key's randomart image is:
+--[ RSA     ]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+-----------------+
INFO: DD ssh key pair was generated successfully.
INFO: DD ssh private key file "/home/admin/.ssh/ddr_key" has been copied to "/usr/local/avamar/lib/ddr_key".
INFO: The permissions of DD ssh private key file "/usr/local/avamar/lib/ddr_key" have been changed to 440.
INFO: The owner and group of DD ssh private key file "/usr/local/avamar/lib/ddr_key" have been changed to root and admin.
INFO: DD ssh public key file "/home/admin/.ssh/ddr_key.pub" has been copied to "/usr/local/avamar/lib/ddr_key.pub".
INFO: The permissions of DD ssh public key file "/usr/local/avamar/lib/ddr_key.pub" have been changed to 644.
INFO: The owner and group of DD ssh public key file "/usr/local/avamar/lib/ddr_key.pub" have been changed to root and admin.
INFO: DD ssh key files were copied successfully.
INFO: DD ssh key pair was set up successfully.
 

4. Display the contents of the ddr_key.pub file:

cat /home/admin/.ssh/ddr_key.pub
 

5. Open a second session to the Data Domain.

6. Add the SSH public key to the SSH authorized keys file on the Data Domain:

a. Run the following command to add the key:

adminaccess add ssh-keys <ddboost_user>

(Where <ddboost_user> is the name of the DDBoost user account for Avamar on the Data Domain.)

Sample command and output where the DDBoost user account is "ddboost_avamar_production":

adminaccess add ssh-keys ddboost_avamar_production
 

b. From the Avamar putty session, copy the contents of the DD public key (/home/admin/.ssh/ddr_key.pub).

Caution: Ensure that no additional white spaces are in the selection.
 
 

c. Paste the contents of the ddr_key.pub to the Data Domain command shell window.

d. Press the Enter key once.

e. Press Control-D.

7. Verify that the key has been accepted to the Data Domain using the following command:

adminaccess show ssh-keys <ddboost_user>

(Where <ddboost_user> is the name of the DDBoost user account for Avamar on the Data Domain.)

Sample command and output where the DDBoost user account is "ddboost_avamar_production":

adminaccess show ssh-keys ddboost_avamar_production
 

8. Test the key by logging into the Data Domain from Avamar:

ssh -i ~admin/.ssh/ddr_key <ddboost_user>@<Data_Domain_hostname>

(Where <ddboost_user> is the name of the DDBoost user account for Avamar on the Data Domain, and <Data_Domain_hostname> is the hostname or IP address of the Data Domain.)

Sample command and output where the DDBoost user account is "ddboost_avamar_production" on a Data Domain hostname dd-prod-1:

ssh -i ~admin/.ssh/ddr_key ddboost_avamar_production@dd-prod-1

Additional Information

Also see Avamar: Data Domain Integration: Adding Data Domain to Avamar fails (Failed to authenticate with ssh key file)

Affected Products

Avamar Server

Products

Avamar Server
Article Properties
Article Number: 000160400
Article Type: Solution
Last Modified: 16 Oct 2025
Version:  7
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.