Public SSH host key is incompatible with the current cryptography settings

Symptom

Unable to apply a remote backup configuration due to an incompatible public SSH host key.

Cause
  • Either the public key generated using an algorithm for the remote backup server is weak for the appliance at the current security mode. For example, a DSA key in either FIPS or CNSA mode. See the Ciphers for secure connection between HPE OneView and backup server listing the support cipher algorithms for each HPE OneView release.
  • The length of the RSA key is not long enough. For example, RSA 1024 bits versus RSA 2048 bits.

There have been instances where the generation of a 2048-bit key by some programs (in one case by CompleteFTP) has occasionally resulted in a 2047-bit key.

Action
Ensure to install the public or private key pair of sufficient strength and length on the remote backup server and paste (or discover in 4.2 or later) that public key when configuring the remote backup location.