scp command allows files to be copied between two vmware ESXi hosts. It uses SSH for data transfer and provides the same authentication and level of security as SSH.
In this blog post, we will see how to copy files between vmware ESXi hosts by usng SCP. We will also see how to fix below error during the copy process.
“rekeyed outbound cipher” “rekeyed inbound cipher” and copy process is getting stalled.
Table of Contents
Steps to copy files between ESXi hosts using SCP
- First make sure the Port 22 is open between source and destination ESXi host. To test port 22 from source or destination, you can follow below steps:
- Connect to Source ESXi Host using Putty. Open Putty -> Type the IP Address of ESXi Host and connect on port 22 to open the shell. Login using root or admin account.
- Use the command
nc -z <destination esxi host ip> <destination port number>
. For example if the destination ESXi host is 10.20.88.4 then use commandnc -z 10.20.88.4 22
to check if port 22 is opened. You should see a succeeded ! message if the port is opened.
- On source and destination ESXi hosts make sure
TSM-SSH
Service is in Running State. To check if this running, follow below steps:
- Launch vmware ESXi management portal.
- Click on Manage on the left hand side.
- Click on Services tab.
- Fing TSM-SSH service from the list and make sure the status is showing as Running.
- Make sure SSH Client in ESXi Networking Firewall rules is Enabled on both source and destination ESXi hosts. To check if this SSH Client is enabled, follow below steps:
- Launch vmware ESXi management portal.
- Click on Networking on the left hand side.
- Click on Firewall rules tab.
- Click on SSH Client and then Click on Actions.
- Click on Enable to enable SSH Client.
- Copy files between two Esxi hosts using SCP Command.
scp <source file or folder path> root@<destination esxi hostname or IP>:<destination folder path>
Example
scp /vmfs/volumes/datastore1/server1/* [email protected]:/vmfs/volumes/LocalDataStore/server1
“rekeyed outbound cipher” “rekeyed inbound cipher” and copy process is getting stalled error
After you run scp
command to copy the data across to destination ESXi. You may get messages like “rekeyed outbound cipher” “rekeyed inbound cipher” with stalled status.
Below is a screenshot of the stalled error message.
Despite the stalled error, It may keep on trying to copy the files and you will get rekeyed outbound cipher and rekeyed inbound cipher message repeatedly. Below is the screenshot which shows the error message.
The workaround is to use the -l switch of the command and throttle the bandwidth. You can adjust the value of -l switch according to your requirement. You can start with higher value and keep on throttling / lowering the value till you find its running successfully without any issues.
-l limit – Limits the used bandwidth, specified in Kbit/s.
1 MB/s = 8192 Kbit/s.
scp -l 8192 /vmfs/volumes/datastore1/server1/* [email protected]:/vmfs/volumes/LocalDataStore/server1
Below is the screenshot of the scp command with -l switch. It does not show stalled error message any more and data is being between two vmware ESXi hosts successfully.
Conclusion
In this blog post, we have seen how to copy files between two vmware ESXi hosts using SCP command. Also, if you get stalled error message during the copy process you can fix it by limiting the bandwidth for the copy operation using -l switch. This should fix this issue and copy the data between two ESXi hosts.
While using rsync on ESXi 7 to copy files and directories from one ESXi datastore to another remote ESXi datastore, the screen fills with “rekeyed outbound cipher rekeyed inbound cipher” messages about every 10 seconds. There is a way to fix this.
There is a setting in /etc/ssh/sshd_config that I commented out and changed to RekeyLimit default none.
# vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES)
RekeyLimit default none
#RekeyLimit 1G, 1H
Restart the service on the target ESXi.
/etc/init.d/SSH restart
Stop the rsync from the source ESXi and restart it. No more messages.
What is the rekeylimit?