Forum ©XSIBackup: ©VMWare ©ESXi Backup Software

Jimb

Member

Registered: 2022-03-18

Posts: 2

ssh_dispatch_run_fatal connection to port 22: invalid argument

Greetings;

I'm getting the error: ssh_dispatch_run_fatal connection to port 22: invalid argument when attempting to connect to my v5.5 ESX host from v7 ESX host. Ports are open and I can telnet to both servers on port 22.

I'm migrating VMs from 5.5 to 7 and having a problem with every other method for 1 VM that's 1TB in size. It was suggested to use xsibackup.

Suggestions?

admin

Administrator

Registered: 2017-04-21

Posts: 2,055

Re: ssh_dispatch_run_fatal connection to port 22: invalid argument

First of all you have to take some things into account:

Make sure that you have indeed enabled the SSHOut rule in your (c)ESXi firewall, not only SSHIn.

The OpenSSH versions in your two (c)ESXi boxes differ too much.
As new OpenSSH versions are released, the KEX algorithms and Ciphers are deprecated and new ones are added. Thus, it's likely that two OpenSSH implementations that are too distant in time can't agree on some KEX or Cipher.
You can try to solve the above mentioned situation by re-enabling some deprecated algorithm in your newest (c)ESXi box, should that be possible, as (c)ESXi's OpenSSH implementations are customized and may not allow to re-enable some older algorithms, contrary to regular OpenSSH releases.

Nonetheless, in your case you aren't even getting to that point. Your problem is related to having FIPS active in the (c)ESXi 7 box while your 5.5 box does not even support this feature. This is a common error when connecting from FIPS to non FIPS OpenSSH servers.

Now the thing is: how to disable FIPS in the target server. Is that even possible?

In (c)ESXi 6.7.0 and above:

1/ To find whether FIPS is enabled or not.

esxcli system security fips140 ssh get

2/ To disable FIPS

esxcli system security fips140 ssh set --enable=false

(*)FIPS is a security feature. You may very well disable it to facilitate a migration, you should not disable it permanently though.

Migrating VMs from 5.5 => 7.0 is possible by using the workaround above, although you may need to tweak some other things depending on your exact (c)ESXi version and build.

Doing it the other way around 7.0 => 5.5 could be a real pain if possible at all.

In your post you say that you are migrating VMs 5.5 => 7.0, you then talk about not being able to connect from 7.0 => 5.5. Is that an error in your description?, or there is something we are missing.

UPDATE:
New (c)XSIBackup-App appliance runs on CentOS 7 which is a full fledged Linux OS. Thus it will allow you enable any deprecated algorithm in OpenSSH as well as install any software that you may need. It's a much more flexible tool, as it doesn't run in the (c)ESXi OS and is not constrained by its limitations and cut down features. Download at Sourceforge.net: https://sourceforge.net/projects/xsibackup-app/

Jimb

Member

Registered: 2022-03-18

Posts: 2

Re: ssh_dispatch_run_fatal connection to port 22: invalid argument

Thank you very much for the prompt response!

"you then talk about not being able to connect from 7.0 => 5.5" by that I meant I'd installed XSIBackup on the v7.0 server and was going to use it to pull the VMs from the 5.5 server.

"Migrating VMs from 5.5 => 7.0 is possible, although you may need to tweak some things depending on your (c)ESXi version and build" - what kind of tweaks? Most of the VM migration has gone fine except for this one 1TB VM that I need to move. All the methods I've tried keep timing out.

admin

Administrator

Registered: 2017-04-21

Posts: 2,055

Re: ssh_dispatch_run_fatal connection to port 22: invalid argument

It just doesn't work that way.
We do not state anywhere that the software works that way (pulling VMs from one remote server to the local one). It works right the opposite way, you push VMs from the server where they are to a target server.

Please read the manual and examples, run some simple jobs to try the software out and then add more arguments as you learn to use the software.

Using (c)XSIBackup is very straight when you keep things under some fair degree of control. That means migrating VMs between hosts that keep some minimum level of uniformity: compatible SSH versions, compatible hardware versions and also compatible VMFS versions.

There are many different builds even under the same version number, not only those released by (c)VMWare but also from many manufacturers: DELL, HP, Fujitsu, etc...

Pushing VMs from 5.5 to 7.0 should be straight most of the times, still if your environment requires it, you may need to enable some deprecated cipher in the sshd_config file of the target system, disable FIPS, open ports in between the servers, etc.... There is no way you can escape from learning how OpenSSH works once you cross some given threshold of complexity.