Avamar: Nie można dodać lub edytować Data Domain z powodu braku szyfru lub wymiany kluczy

Avamar User Interface (AUI) > Administration > System > Data Domain, podczas dodawania lub edytowania domeny danych pojawia się następujący błąd:

W przypadku wystąpienia błędu można znaleźć następujące komunikaty o błędzie na /usr/local/avamar/var/mc/server_log/mcserver.log.0:

Problem z szyfrowaniem:

WARNING: com.maverick.ssh.SshException: com.maverick.ssh.SshException
  at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315)
  at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424)
  at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821)
  at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
  at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:646)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:481)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185)
  at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272)
  at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668)
  at com.avamar.mc.datadomain.DataDomainService.validateDdrInfoAndGetDdrSystemInfo(DataDomainService.java:3766)
  at sun.reflect.GeneratedMethodAccessor171.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
  at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
  at com.sun.proxy.$Proxy34.validateDdrInfoAndGetDdrSystemInfo(Unknown Source)
  at com.avamar.mc.datadomain.DataDomainServiceContext.validateDdrInfoAndGetDdrSystemInfo(DataDomainServiceContext.java:245)
  at sun.reflect.GeneratedMethodAccessor170.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
  at sun.rmi.transport.Transport$1.run(Transport.java:200)
  at sun.rmi.transport.Transport$1.run(Transport.java:197)

Lub 

Problem z wymianą kluczy:

WARNING: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256] [chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com] [Unknown cause]
  at com.maverick.ssh2.TransportProtocol.selectNegotiatedComponent(TransportProtocol.java:1896)
  at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1277)
  at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821)
  at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
  at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:646)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:481)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185)
  at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272)
  at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668)
  at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1182)
  at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036)
  at sun.reflect.GeneratedMethodAccessor411.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
  at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
  at com.sun.proxy.$Proxy34.updateDdr(Unknown Source)
  at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223)
  at sun.reflect.GeneratedMethodAccessor410.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)

Sprawdź plik /ddr/var/log/debug/messages.engineering plik dziennika na serwerze Data Domain.

Z poziomu serwera Avamar uruchom jako administrator:

ssh -i ~/.ssh/ddr_key <ddboost_user>@<data-domain-IP-FQDN>

admin@av-server:~/>: ssh -i ~/.ssh/ddr_key DDBoostUser@dd-production-srv
EMC Data Domain Virtual Edition
Last login: Wed Mar 12 08:31:03 CDT 2025 from 192.168.1.113 on pts/0
Welcome to Data Domain OS 7.13.0.20-1082704
-------------------------------------------
DDBoostUser@dd-production-srv#

Użyj następującego polecenia, aby wyświetlić plik dziennika messages.engineering:

log view debug/messages.engineering

Można zobaczyć następujące komunikaty:

Problem z szyfrem:

Unable to negotiate with 192.168.1.113 port 53036: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256 [preauth]

Problem z wymianą kluczy:

Unable to negotiate with 192.168.1.113 port 43998: no matching host key type found. Their offer: ssh-dss,ssh-rsa,x509v3-sign-rsa,x509v3-sign-dss,x509v3-sign-rsa-sha1,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-rsa2048-sha256 [preauth]

W przypadku problemu z szyfrowaniem można wykonać następujący test. Z poziomu Avamara uruchom jako root:

ssh -i <ddboost_user>@<data-domain-IP-FQDN> -c <cipher>

Przykład błędu użycia szyfrów:

root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes128-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#: 
root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes192-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#: 
root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes256-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#:

Otwórz zgłoszenie serwisowe do zespołu Avamar SCR, aby rozwiązać ten problem. 

W przypadku zespołu pomocy technicznej sprawdź sekcję Internal Notes, aby znaleźć rozwiązanie.