Backing up switch configuration using configupload command failing with error 'configupload not permitted (sftp failed)'

Summary: Issued the 'configupload' command to back up switch configuration to an SFTP server. Received the error message 'configupload not permitted (sftp failed)'.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

The errdumpall output on the switch displays the following error message at the time the configupload command fails:
 
SEC-3076: 'SSH session establishment failed. Reason: Unable to negotiate a key exchange method'.

Cause

A possible cause for this issue is the switch and the SFTP server having SSH KEX (key exchange) algorithms which do not match.

The SSH KEX algorithms, which are enabled on the switch, can be checked using the following command:

secCryptoCfg --show

Resolution

Update the SSH KEX algorithms on either the switch or the SFTP server so that they match.

Use the following command syntax to update the SSH KEX algorithms on the switch:

secCryptoCfg --replace -type SSH -kex [algorithm1,algorithm2]

Below is a list of the SSH KEX algorithms that are available in Fabric OS 8.2.x:
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1

Check the Fabric OS Command Reference guide section on the 'secCryptoCfg' command for further details and examples.

Affected Products

Brocade
Article Properties
Article Number: 000188867
Article Type: Solution
Last Modified: 23 Jun 2021
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.