Step 3. Specify Credentials and SSH Settings

At the SSH Connection step of the wizard, specify credentials for the Linux server and additional SSH connection settings.

  1. From the Credentials list, select credentials for the account that has permissions described in section Permissions. You can select a credentials record that uses the password authentication method or credentials record that uses the Identity/Pubkey authentication method.

Note

The account you selected must have the home directory created on the Linux server.

If you have not set up credentials beforehand, click the Manage accounts link or click Add on the right to add the credentials. For more information, see Managing Credentials.

To add a Linux server that you want to use as a hardened repository, click Add and select Single-use credentials for hardened repository. For more information about preparing a Linux server and setting up credentials, see Adding Hardened Repository.

Note

If you add a Linux server with single-use credentials, consider the following:

  • The folder with the repository must be accessible for accounts with user permissions (and not only root).
  • SSH connection is necessary only for the deployment and upgrade of Veeam Data Mover, or transport service. The transport service will be used to communicate with backup infrastructure components without the SSH connection. For security purposes, after you added the Linux server, you can disable SSH connection for the user account you use to connect to the Linux server. If you can work with the server from the console, disable SSH connection for the server itself.

Step 3. Specify Credentials and SSH Settings 

  1. To configure SSH settings, click Advanced. This option becomes available after you have entered your credentials. In the SSH Settings window:
  1. In the Service console connection section, specify an SSH timeout. By default, the SSH timeout is set to 20000 ms. If a task targeted at the Linux server is inactive after the specified timeout, Veeam Backup & Replication will automatically terminate the task.
  2. In the Data transfer options section, specify connection settings for file copy operations. Provide a range of ports that will be used as transmission channels between the source host and target host (one port per task). By default, Veeam Backup & Replication uses port range 2500-3300. If the virtual environment is not large and data traffic will not be significant, you can specify a smaller range of ports, for example, 2500-2509 to run 10 concurrent tasks at the same time.

Port 6162 is opened by default. It is a port used by Veeam Data Mover.

Note

If you want to open these ports only for certain firewalld zones, you can specify the required zones in the configuration files. For instructions, see the Before You Begin section.

  1. [For Linux server deployed outside NAT] In the Preferred TCP connection role section, select the Run server on this side check box. In the NAT scenario, the outside client cannot initiate a connection to the server on the NAT network. As a result, services that require initiation of the connection from outside can be disrupted. With this option selected, you will be able to overcome this limitation and initiate a "client-server" connection — that is, a connection in the direction of the Linux server.

The option applies if one of the following roles is assigned to the server: source VMware backup proxy in backup or replication scenarios, source repository in the backup copy scenario.

You can also change the SSH port over which you want to connect to the Linux server. For this, click the Manage accounts link and edit the account used to connect to the Linux server.

Step 3. Specify Credentials and SSH Settings 

  1. When you add a Linux server, Veeam Backup & Replication saves a fingerprint of the Linux host SSH key to the configuration database. During every subsequent connection to the server, Veeam Backup & Replication uses the saved fingerprint to verify the server identity and avoid the man-in-the-middle attack.

To let you identify the server, Veeam Backup & Replication displays the SSH key fingerprint:

    • If you trust the server and want to connect to it, click Yes.
    • If you do not trust the server, click No. Veeam Backup & Replication will display an error message, and you will not be able to connect to the server.

Note

When you update an SSH key on a server, this server becomes unavailable in the Veeam Backup & Replication console. To make the server available again, acknowledge the new SSH key at the SSH Connection step of the Edit Server wizard.

Step 3. Specify Credentials and SSH Settings 

Page updated 2/23/2024

Page content applies to build 12.1.1.56