When attempting to add a managed Linux server, you may receive one of the errors below.
Failed to negotiate key exchange algorithm Client encryption algorithm not found Server HMAC algorithm not found
When Veeam connects to a Linux target, we require Diffie-Helman key exchange capabilities for successful secure connections and to reduce the possibility that a password will not be intercepted when authenticating to the storage. In some Linux distributions, /etc/ssh/sshd_conf is missing the KexAlgorithms and Cipher fields to describe which methods are supported by the SSH daemon.
Review the configuration of your /etc/ssh/sshd_config file and verify at least one of the Ciphers, KexAlgorithms, and MACs listed below are present
3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc, arcfour, twofish
Supported Key Exchange algorithms:
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1
hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96, hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, hmac-sha2-512-96, hmac-ripemd160, email@example.com
See the man page for your sshd_config file and/or query for the supported ciphers, key exchange algorithms and keyed-hash message authentication codes using the following command:
If needed, modify the sshd_config file. Then, to generate the newly added keys, run
and restart the sshd service on the machine (reboot works fine, too).
Some systems offer an option in the GUI to disable or re-enable SSH logon, but these do not always actually restart the daemon. Typically, it is best to restart the service using the command
service ssh restart
or your distribution’s equivalent.