Linux Hosts Authentication
In the Linux hosts authentication section of the Veeam Backup & Replication settings, you can specify SSH fingerprint verification settings for protected Linux machines.
Note |
Veeam Backup & Replication uses the SHA-256 hashing algorithm for verification. If you upgrade from previous versions, SSH fingerprint format will be updated automatically during next rescan or next connection to the Linux machine through SSH. |
You can select one of the following options:
- Add all discovered hosts to the list automatically — Veeam Backup & Replication allows all Linux servers added to the protection group and all Linux VMs to connect to the backup server. Machine fingerprints are added to the Veeam Backup & Replication database and checked every time when machines establish a connection with the backup server. If SSH fingerprints do not match, the connection fails.
- Add unknown hosts to the list manually — this option provides a more secure environment because only trusted Linux servers and Linux VMs can connect to the backup server:
- Machines that have already established a connection with the backup server and have their fingerprints stored in the Veeam Backup & Replication database. You can export the list of trusted machines to the known_hosts file. To do this, click Export and specify a path to the folder to save the file.
- Machines specified in the known_hosts file imported to Veeam Backup & Replication. To import the known_hosts file, click Import and specify a path to the folder where the file resides.
When you specify a trusted host in the known_hosts file, it must follow the same format as the ~/.ssh/known_hosts file. It must include the network name hash, the type of key, and the public key.
Example of a trusted host entry:
|1|y/XiVUB2z/ZBb3vuOYm0x9RUiQA=|9zTpxEaAKbGPe7JyS/OyIWvsTz8= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHhO7S1tp0EAgainstjkXSAi4a+JIPKnTUpABC8BGyWk9 |
Veeam Backup & Replication displays the number of trusted machines in the Trusted hosts field.
Untrusted Linux VMs are displayed under the Untrusted node in the Inventory view. Untrusted Linux servers are displayed under the Unavailable node in the Backup Infrastructure view. These machines cannot connect to the backup server and download Veeam Agent for Linux installation packages during discovery. Also, guest OS processing of untrusted VMs will fail.
To start managing an untrusted Linux machine, you need to validate its fingerprint manually in the Veeam Backup & Replication console. For more details, see Validating SSH Fingerprints.