scp command allows files to be copied between two VMware ESXi hosts. It uses SSH for data transfer and provides the same authentication and level of security as SSH.
In this blog post, we will demonstrate the steps to copy files between VMware ESXi hosts by using SCP. We will also see how to fix an error during the copy process. rekeyed outbound cipher, rekeyed inbound cipher and copy process is getting stalled.
Contents
Copy files between ESXi hosts using SCP
- Ensure that the Port 22 is open between source and destination ESXi host. To test port 22 from source or destination, you can follow below steps:
- Connect to the source ESXi host using Putty. Open Putty > Type the IP Address of ESXi Host and connect on port 22 to open the shell. Login using root or admin account.
- Use the command nc -z <destination esxi host ip> <destination port number>. For example, if the destination ESXi host is 10.20.88.4 then use the command nc -z 10.20.88.4 22 to check if port 22 is opened. You should see a
succeeded !message if the port is opened.
- On source and destination ESXi hosts, make sure
TSM-SSHService is in Running State. To check if this running, follow below steps:
- Launch VMware ESXi management portal.
- Click on Manage on the left-hand side.
- Click on Services tab.
- Find TSM-SSH service from the list and make sure the status is showing as Running.
- Ensure that the SSH Client in ESXi Networking Firewall rules is Enabled on both source and destination ESXi hosts. To check if this SSH Client is enabled, follow below steps:
- Launch VMware ESXi management portal.
- Click on Networking on the left-hand side.
- Click on Firewall rules tab.
- Click on SSH Client and then Click on Actions.
- Click on Enable to enable SSH Client.
- Copy files between two ESXi hosts using SCP Command.
scp command
scp <source file or folder path> root@<destination esxi hostname or IP>:<destination folder path>Example:
scp /vmfs/volumes/datastore1/server1/* [email protected]:/vmfs/volumes/LocalDataStore/server1
rekeyed outbound cipher rekeyed inbound cipher and copy process is getting stalled error
After you run scp command to copy the data across to destination ESXi. You may get messages like rekeyed outbound cipher rekeyed inbound cipher with stalled status. Below is a screenshot of the stalled error message.
Despite the stalled error, It may keep on trying to copy the files, and you will get rekeyed outbound cipher and rekeyed inbound cipher message repeatedly. Below is the screenshot which shows the exact error message.
The workaround is to use the -l switch of the command and throttle the bandwidth. You can adjust the value of -l switch according to your requirement. You can start with higher value and keep on throttling/lowering the value till you find it’s running successfully without any issues.
-l limit - Limits the used bandwidth, specified in Kbit/s.
1 MB/s = 8192 Kbit/s.
scp -l 8192 /vmfs/volumes/datastore1/server1/* [email protected]:/vmfs/volumes/LocalDataStore/server1Below is the screenshot of the SCP command with -l switch. It does not show stalled error message any more and data is being between two VMware ESXi hosts successfully.
While using rsync on ESXi 7 to copy files and directories from one ESXi datastore to another remote ESXi datastore, the screen fills with “rekeyed outbound cipher rekeyed inbound cipher” messages about every 10 seconds. There is a way to fix this.
There is a setting in /etc/ssh/sshd_config that I commented out and changed to RekeyLimit default none.
# vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES)
RekeyLimit default none
#RekeyLimit 1G, 1H
Restart the service on the target ESXi.
/etc/init.d/SSH restart
Stop the rsync from the source ESXi and restart it. No more messages.
What is the rekeylimit?