You are not logged in.
Solved. See below, but leaving it as it might help others.
XSIBACKUP-PRO 11.2.19 backing up VMs from one VMWare ESXi 6.7.0 build-14320388 server to another.
Yesterday did we have a longish power outage, longer than the capacity of our UPS so I shut down both VMWare server throgh the console, just as a precaution. Today, the night's backup of ESXI34 to ESXI36 failed. The actual error message in the log is:
The server --backup-point=10.0.20.36:22:/vmfs/volumes/datastore1 does not exist
Make sure there is an SSH server listening on 10.0.20.36 port 22 and that the fi rewall allows this connection
Nothing, that I know of, has changed here and I can connect to .36 from other machines just fine, but if I try:
ssh root@10.0.20.36
On .34 It just times out. The same command from another machine works as expected.
[root@ESXI34:~] ssh root@10.0.20.36
ssh: connect to host 10.0.20.36 port 22: Connection timed out
Both machines are connected to the same switch.
I also noted that SSH had been disabled, mysteriously on ESXI36, but I enabled that. Could it be that the linking of the servers has been broken and I should reestablish that?
[root@ESXI34:~] /scratch/XSI/XSIBackup-Pro/xsibackup --link-srv=10.0.20.36
###############################################################################
#
# (c) XSIBACKUP-PRO 11.2.19 | Backup for (c) VMWARE ESXi Hypervisor by 33hops.com
#
###################################################################################
NOTICE: (c) XSIBackup kills any user launched jobs, make sure you don't overlap manual jobs
----------------------------------------------------------------------------------------------------------
XSIBackup PID: 2117809 ESXI34.pedago.fi
Enabling port 22 out in the ESXi firewall...
----------------------------------------------------------------------------------------------------------
There is already an RSA public key at /scratch/XSI/XSIBackup-Pro/xsibackup_id_rsa.pub. We will use the existing one.
----------------------------------------------------------------------------------------------------------
Enter the remote server root password when prompted.
----------------------------------------------------------------------------------------------------------
Enter remote systems's password for user root, checking OS type...
----------------------------------------------------------------------------------------------------------
The authenticity of host '10.0.20.36 (10.0.20.36)' can't be established.
RSA key fingerprint is SHA256:E8+cQmrqe4L9aTVZdQK2VjiY+aqymSETIBbUZqoo4Lc.
Are you sure you want to continue connecting (yes/no)? yes
Password:
Enter root password again to look for its authorized_keys file...
----------------------------------------------------------------------------------------------------------
Password:
Enter root remote password to iterate existing keys...
----------------------------------------------------------------------------------------------------------
Password:
Almost done, enter root password to add RSA key and restart SSH service...
----------------------------------------------------------------------------------------------------------
Password:
The RSA key has been added to the authorized_keys file at 10.0.20.36.
----------------------------------------------------------------------------------------------------------
Rebooting local SSH service...
SSH login disabled
SSH login enabled
Rebooting remote SSH service...
----------------------------------------------------------------------------------------------------------
Killed
[root@ESXI34:~]
Yes. That was it. Fixed! Something had happened so that the ESXi server had lost its link
Offline
Thank you for sharing. (c)VMWare has recently made the SSH protocol not persistent across reboots starting in latest versions of the (c)ESXi 6.7 branch. We have published a post on how to keep SSH open after a reboot: [url=https://33hops.com/how-to-keep-your-vmware-esxi-ssh-service-up.html]Keeping the SSH protocol open in an (c)ESXi host[/url]
As far as we are concerned the keys in the [b]authorized_keys[/b] file are still persistent, so you should not need to relink the two hosts.
Although keeping the SSH port open to the outside workd can represent a security breach, this is 99% inverse proportional to the complexity of your password and 1% proportional to the possibility that a new critical bug in the OpenSSH stack if found. Of course it's disgusting to see hundreds of login attempts in your logs, thus keeping a good perimetral security is still fundamental.
Ironically the latest critical issues on (c)ESXi have come from the management agents and not the SSH protocol. Last critical issue on the SSH service happened years ago. The SSH protocol seems to be quite reliable in terms of security, take on account that it is the most widespread used server management protocol that exists, thus any issue is rapidly addressed, still we'll keep our fingers crossed.
Offline
Thanks for that explanation, makes sense. Anyway, our ESX hosts are not exposed to the outside world. Only hosts that need to, ie webservers and stuff and never port 22
Offline