Jump to content
NAKIVO Community Forum

Leaderboard

Popular Content

Showing content with the highest reputation since 07/01/21 in all areas

  1. Thank you so much for your help. It worked for me using win SCP.
    2 points
  2. I added 4 workstations, which were shut down for the night, to my inventory. Is it possible to stop the errors for the non-responding workstations and the error for the transporters (the same as for the workstations) that do not respond? (or can I turn it into an alert so I won't receive any emails?). For the errors of the workstations I receive an email every 2 hours and another email for the transporters (the same of the workstations). Do you think for the future to create a dedicated section where we can configure alerts and error messages? It would be useful to be able to check the presence of the workstation and the transporter only when the backup is to be done. I understand for a server that it should always be on, but for a workstation it can happen that it is turned off for the night or for the weekend or for the holidays. Just as it was thought, the management of physical machines is unmanageable for an inventory with some workstations other than 3 or 4. The error messages generated in this case risk losing focus on the really important error messages (real transporters not responding, storage not responding, vcenters or resources that must always be present that do not respond). Loris
    1 point
  3. hello everyone I've enable ssh and shell in my server, but if i try to add inventory, nakivo tell me that ssh is not enable. how can i solve this problem? Thanks
    1 point
  4. Either remotely collect it using Win SCP and edit it locally. Or use Vi. You just alter the 3 lines shown in the thread. You can do it remotely if you can ssh into box remotely (switch this on in VMWare).
    1 point
  5. Hello, @Mike Spragg can you please explain how exactly the "sshd_config" file is modified? Is ist possible to make the changes remote? Maybe you can explain the necessary steps? Thank you in advance! Axel
    1 point
  6. Hello, Indeed, there is no client portal with authentication. So for those who would ask the question like me. The first time you have to download items, take them all. If you want an old version, you will have to ask the support. Thank you @Mario and Mr. or Ms Official Moderator.
    1 point
  7. Hello, I tried to contact Nakivo support by chat but the person did not want to answer my questions. So I try here. Our company has just acquired 100 Nakivo BR Enterprise workloads. I have installed the director from the installation file in trial version. The trial version was in 10.2 and since I updated it to 10.3. I found the update download page by chance (or google search). Everything is working and I have no particular problems. I would like to know the following things: Is there a customer portal : - Which allows us to download Nakivo without going through the download form for trial versions? - that allows us to access a history of support requests? Do the support technicians in Europe speak French? Thank you in advance for your help. Roland Belistan
    1 point
  8. After a successfull backup of our file server (virtual), If I test a Recovery task, I cannot find data partition (bitlocker encrypted) but only o.s. partition is available for granular selection of files. Where I'm wrong ? backup size seems correct (1TB) but I can see only 3 parts; the most important (data part) seems has been skipped for some reason. Anybody experienced this issue ? Alex
    1 point
  9. Thanks for the response. Is your roadmap accessible online?
    1 point
  10. Hi Roland You can download all the stuff from this link: https://www.nakivo.com/resources/download/update/ For the rest, let's wait for an answer from the Nakivo Mods. Mario
    1 point
  11. Hi - is it possible that this article is modified - it doesn't say what to change only what requirements are and a little vague. Just needs direction to modify /etc/ssh/sshd_config and to modify those lines mentioned above e.g. KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 This adds the right KexAlgorithm, HostKeyAlgorithms and Ciphers That way, it's more specific to the solution. Thanks !!
    1 point
  12. @Mike Spragg, thanks a lot for your contribution to our blog! Sharing is caring
    1 point
  13. ok thanks it's good
    1 point
  14. That's not the relevant part - the "file" (as I can't attach it) are shown above - you only need to modify the lines: KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 This adds the right KexAlgorithm, HostKeyAlgorithms and Ciphers (the original shows what they are now in 7.0U1) The file you need to modify is /etc/ssh/sshd_config
    1 point
  15. Hi # running from inetd # Port 22 what is inetd, a program? I do it via putty thanks
    1 point
  16. In HotAdd mode, virtual plates from the virtual machines being supported up are naturally mounted to the intermediary, so they can be gotten to by the intermediary as neighborhood circles. The ESX have the intermediary is running on should approach all datastores for the virtual machine. In the event that the virtual machine and the intermediary are not on a similar host, all datastores should be divided among the hosts and the hosts should be inside the equivalent datacenter. In the event that SAN mode isn't accessible, HotAdd mode can accomplish near SAN mode execution. To empower gradual reinforcements of virtual circles, Changed Square Following (CBT) should be utilized for the main full reinforcement. (CBT is empowered for reinforcements of course.)
    1 point
  17. To back up the virtual machine: Ensure your virtual machine is in a powered off state. Locate the virtual machine folder. Right-click the virtual machine folder and click Copy. Navigate to the folder in which you want to store the backup, right-click anywhere within the folder, and click Paste. 24-Sep-2018
    1 point
  18. Same problem with NAKIVO Appliance and Transporter + Repository on SYNOLOGY Same trick wor like a charm BUT: First stage on SYNOLOGY /volume1/@appstore/NBR-Transporter# ./nkv-bhsvc stop ./bhsvc -b "<UsePassword>" Aftter these restart Service from Synology console Connect to NAKIVO Console , edit Transporter , Connect .et voila :))
    1 point
  19. ok, thanks again Mike.
    1 point
  20. Correct, you didn't. In 7.0U2 they [VMWare] uprated/hardened the security requirements through ssh. By doing this change you've reverted that change by VMWare.
    1 point
  21. Thank you very much. I solved the problem, but i don't understand. This problem shows up with the latest version of vmware (7.02) because with 7.0 i never had this problem.
    1 point
  22. Thank you ! I hit this problem pretty much straight away as soon as 10.3 came out. Unfortunately, there is a down side insofar as you are weakening what was a hardened system so hopefully fixed in 10.4 without the need to do this.
    1 point
  23. You have to modify VMWare itself: https://helpcenter.nakivo.com/display/KB/SSH+Requirements+for+NAKIVO+Backup+and+Replication without the mods to sshd_config - it will never see it. KexAlgorithms HostKeyAlgorithms Ciphers I've include the original and replacement files. Changed: # Version 7.0.2.1 # running from inetd # Port 22 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key # Fips mode restricts ciphers to only FIPS-permitted ciphers FipsMode yes # vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES) RekeyLimit 1G, 1H SyslogFacility auth LogLevel info PermitRootLogin yes PrintMotd yes TCPKeepAlive yes # Key algorithms used in SSHv2 handshake # (ed25519 not allowed by current FIPS module) KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5 UsePAM yes # only use PAM challenge-response (keyboard-interactive) PasswordAuthentication no Banner /etc/issue Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server -f LOCAL5 -l INFO AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys # Timeout value of 10 mins. The default value of ClientAliveCountMax is 3. # Hence, we get a 3 * 200 = 600 seconds timeout if the client has been # unresponsive. ClientAliveCountMax 3 ClientAliveInterval 200 # sshd(8) will refuse connection attempts with a probability of "rate/100" # (30%) if there are currently "start" (10) unauthenticated connections. The # probability increases linearly and all connection attempts are refused if the # number of unauthenticated connections reaches "full" (100) MaxStartups 10:30:100 # ESXi is not a proxy server AllowTcpForwarding no AllowStreamLocalForwarding no # The following settings are all default values. They are repeated # here to simplify auditing settings (for example, DoD STIG). IgnoreRhosts yes HostbasedAuthentication no PermitEmptyPasswords no PermitUserEnvironment no StrictModes yes Compression no GatewayPorts no X11Forwarding no AcceptEnv PermitTunnel no # The following settings are disabled during the OpenSSH build. # They are commented out to avoid spurious warnings in log files. #GSSAPIAuthentication no #KerberosAuthentication no Original # Version 7.0.2.1 # running from inetd # Port 22 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ecdsa_key # Fips mode restricts ciphers to only FIPS-permitted ciphers FipsMode yes # vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES) RekeyLimit 1G, 1H SyslogFacility auth LogLevel info PermitRootLogin yes PrintMotd yes TCPKeepAlive yes # Key algorithms used in SSHv2 handshake # (ed25519 not allowed by current FIPS module) KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-256,hmac-sha2-512 UsePAM yes # only use PAM challenge-response (keyboard-interactive) PasswordAuthentication no Banner /etc/issue Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server -f LOCAL5 -l INFO AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys # Timeout value of 10 mins. The default value of ClientAliveCountMax is 3. # Hence, we get a 3 * 200 = 600 seconds timeout if the client has been # unresponsive. ClientAliveCountMax 3 ClientAliveInterval 200 # sshd(8) will refuse connection attempts with a probability of "rate/100" # (30%) if there are currently "start" (10) unauthenticated connections. The # probability increases linearly and all connection attempts are refused if the # number of unauthenticated connections reaches "full" (100) MaxStartups 10:30:100 # ESXi is not a proxy server AllowTcpForwarding no AllowStreamLocalForwarding no # The following settings are all default values. They are repeated # here to simplify auditing settings (for example, DoD STIG). IgnoreRhosts yes HostbasedAuthentication no PermitEmptyPasswords no PermitUserEnvironment no StrictModes yes Compression no GatewayPorts no X11Forwarding no AcceptEnv PermitTunnel no # The following settings are disabled during the OpenSSH build. # They are commented out to avoid spurious warnings in log files. #GSSAPIAuthentication no #KerberosAuthentication no
    1 point
×
×
  • Create New...