Not really a question but a bug and a solution...
I have run into an issue since installing VCSA 7.0.1.00300 build 17491101. We use an HTTP and HTTPS proxy in our environment so this was configured under Networking -> Proxy Settings. This was also configured as an FTP proxy, although this would never be used in practice.
I then tried to set up SFTP backups under Backup -> Backup Schedule. On trying to submit the form with the settings, this failed immediately with a very generic error along the lines of "General error reported by the backup server". I reviewed /var/log/vmware/applmgmt/applmgmt.log and found the following:
2021-03-04T14:02:27.774 INFO:vmware.appliance.vapi.auth:Authorization request for service_id: com.vmware.appliance.health_check_settings, operation_id: update 2021-03-04T14:02:27.775 DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyConfiguration'] 2021-03-04T14:02:27.777 DEBUG:root:Validated user privileges in localstore or SSO 2021-03-04T14:02:27.779 DEBUG:vmware.appliance.update.update_state:In State._get using state file /etc/applmgmt/appliance/software_update_state.conf 2021-03-04T14:02:27.864 INFO:vmware.appliance.vapi.auth:Authorization request for service_id: com.vmware.appliance.recovery.backup.schedules, operation_id: create 2021-03-04T14:02:27.864 DEBUG:vmware.vherd.base.authorization_local:Verify privileges user (root) privilege ['ModifyConfiguration'] 2021-03-04T14:02:27.865 DEBUG:root:Validated user privileges in localstore or SSO 2021-03-04T14:02:27.866 DEBUG:vmware.appliance.update.update_state:In State._get using state file /etc/applmgmt/appliance/software_update_state.conf 2021-03-04T14:02:27.869 DEBUG:vmware.appliance.backup_restore.ScheduleManager:Schedule data file /storage/applmgmt/backup_restore/backup_schedule.json does not exist. 2021-03-04T14:02:27.870 DEBUG:vmware.appliance.backup_restore.schedule_impl:Validating schedule spec. 2021-03-04T14:02:27.871 INFO:plugins.CurlLib:Proxy is enabled. Protocol: ftp, proxy: http://proxy.ip.address:port/ 2021-03-04T14:02:27.926 ERROR:plugins.FtpStorageIOLib:sftp cmd failed. RC: 22, Err: curl: (22) The requested URL returned error: 403 , Cmd: ['/usr/bin/curl', '--fail', '-u', 'backupusername:****', '--connect-timeout', '10', '--ssl-reqd', '-k', '--proxy', 'http://proxy.ip.address:port/', '--proxytunnel', '--silent', '--show-error', '--list-only', 'sftp://sftp.ip.address:22/path/']
Turning off the FTP proxy settings resolved this issue. So it looks as though when an FTP proxy is set, the VCSA tries to validate the SFTP credentials via the FTP proxy settings using curl. Since V7 of VCSA the URL scheme has changed from scp:// to sftp:// - my hunch would be that whatever is parsing this URL is matching 'ftp' and treating it as an FTP connection and trying to proxy it. Obviously this will never work - it is my understanding that because at its heart SFTP is based on SSH connectivity, it cannot go through a traditional web proxy... You could issue a CONNECT on port 22 but the vast majority of proxies will not permit that, and I don't know if that's how curl behaves.