I have an old 4.1 server, and need to move 1 vm to a new server running 6.7 U2
I have been using scp, and that have worked perfectly for the 5.1 servers i have done. I only have one 4.1 missing.
In a previous post : SCP between 4.1 and 6.7 no matching KexAlgo the solution was:
After running in the same trouble
login with putty on the new 6.x hypervisor
esxcli network firewall set --enabled false
deaktivate Firewall (ssh is OUTGOING disabled)
scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -r root@192.168.x.x:/vmfs/volumes/datastore/nameofthevm/ /vmfs/volumes/datastore/
(192.168.x.x is the "old" 4.x hypervisor)
enable firewall
esxcli network firewall set --enabled true
I have tried a bunch of commands, but they all fail due to 4.1 using the old diffie hellman sha1.
Any help would be appreciated.
[root@svrdc067v205:~] esxcli network firewall set --enabled false
[root@svrdc067v205:~] scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
"diffie-hellman-group1-sha1" is not allowed in FIPS mode
FIPS mode incompatible with SSH2 KexAlgorithms '+diffie-hellman-group1-sha1'.
[root@svrdc067v205:~] scp -oCiphers=3des-cbc -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
Unable to negotiate with 10.240.205.14 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
[root@svrdc067v205:~] esxcli system security fips140 ssh set --enable=false
[root@svrdc067v205:~] scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
"diffie-hellman-group1-sha1" is not allowed in FIPS mode
FIPS mode incompatible with SSH2 KexAlgorithms '+diffie-hellman-group1-sha1'.
[root@svrdc067v205:~] scp -oCiphers=3des-cbc -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
Unable to negotiate with 10.240.205.14 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
[root@svrdc067v205:~] esxcli system security fips140 ssh get
Enabled: false
[root@svrdc067v205:~] scp -oKexAlgorithms=+diffie-hellman-group1-sha1 -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
"diffie-hellman-group1-sha1" is not allowed in FIPS mode
FIPS mode incompatible with SSH2 KexAlgorithms '+diffie-hellman-group1-sha1'.
[root@svrdc067v205:~] esxcli system security fips140 ssh set --enable=true
[root@svrdc067v205:~] esxcli network firewall set --enabled true
[root@svrdc067v205:~]
[root@svrdc067v205:~]
[root@svrdc067v205:~]
[root@svrdc067v205:~]
[root@svrdc067v205:~] esxcli network firewall set --enabled false
[root@svrdc067v205:~] scp -r root@10.240.205.14:'/vmfs/volumes/datastore1/Software' '/vmfs/volumes/datastore1/OVA-ISO/Software'
Unable to negotiate with 10.240.205.14 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
[root@svrdc067v205:~] esxcli network firewall set --enabled true
Otherwise I stuck with Datastore browser. 300GB would take quite some time.