Enabling SSH for non-root users in ESXi 4.x fails with the error: Access denied


Article ID: 309835


Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps to enable local user accounts on ESXi hosts so that local users can connect to the hosts remotely using SSH. By default, SSH is disabled for non-root users on ESXi 4.0 and ESXi 4.1 hosts.

Symptoms:
  • You cannot connect to the ESXi 4.x host as a non-root user using Secure Shell (SSH).
  • Connecting to the ESXi 4.x host as a non-root user using SSH fails.
  • You see the error:

    login as: username
    [email protected]'s password:
    Access denied


Environment

VMware ESXi 4.0.x Installable
VMware ESXi 4.0.x Embedded
VMware ESXi 4.1.x Embedded
VMware ESXi 4.1.x Installable

Resolution

To resolve this issue, enable SSH access for non-root users.

To enable SSH access for non-root users:
  1. Create a user account on the ESXi 4.x host using one of these options:

    • Create a user account using the vSphere Client.

      Using the vSphere Client:
      1. Connect to the host directly using the vSphere Client with root credentials.
      2. Click the Local Users & Groups tab.
      3. Right-click anywhere in the tab, then click Add.
      4. Enter a login name and password.
      5. Click OK.

    • Create a user account using the useradd command.

      Using the useradd command:

      Note: Remember to set a password for this user account.

      1. Connect to the host via SSH with root credentials and create the user's home directory:

        mkdir -p /home/username

      2. Create the user:

        useradd test -d /home/username -s /bin/bash

  2. Connect to the host directly using the vSphere Client with root credentials.
  3. Click the Permissions tab.
  4. Right-click Add Permission then click Add.
  5. Select the newly created local user from the list and click Add.
  6. Assign the Administrator role to the user then click OK.
  7. Verify the user is set up correctly when connected to the host via SSH as root:

    1. Take a backup of the /etc/passwd file.
    2. Verify that the user's /home/username directory exists. If not, create it with the command:

      mkdir -p /home/username

    3. Edit the /etc/passwd file and locate the new user account you have created:

      Note: By default in an ESXi 4.1 host, the new user account is created with the shell set to /sbin/nologin. In an ESXi 4.0 host, it is set to /bin/false.


    4. Set the shell to:

      /bin/bash

    5. Set the /home directory to the user's /home/username directory.
    6. Save and quit the file.

  8. Restart the inetd service with the command:

    services.sh restart
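
The /etc/passwd verification step above (backup, then set the home directory and shell fields) can be scripted as shown below. This is an added example, not VMware code: set_user_shell and interactive_users are hypothetical helper names, the script assumes the standard passwd(5) field layout, and it runs against a constructed sample file rather than a live host. The second helper lists which accounts end up with a login shell, which is worth reviewing after the change.

```sh
#!/bin/sh
# Added example, not VMware code. set_user_shell and interactive_users are
# hypothetical helper names; the file layout is the standard passwd(5) format.

# Set home directory (field 6) and shell (field 7) for one existing account.
set_user_shell() {
    file=$1 user=$2 home=$3 shell=$4

    # A colon in any value would corrupt the colon-separated record.
    case "$user$home$shell" in
        *:*) echo "colon not allowed in arguments" >&2; return 2 ;;
    esac

    # Exact match on field 1, so "test" does not match "test2".
    awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$file" ||
        { echo "no such user: $user" >&2; return 1; }

    # Back up before editing, as the procedure requires.
    cp -p "$file" "$file.bak" || return 1

    tmp="$file.tmp.$$"
    awk -F: -v OFS=: -v u="$user" -v h="$home" -v s="$shell" \
        '$1 == u { $6 = h; $7 = s } { print }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }

    # Write back in place so the file keeps its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# List accounts whose shell is not one of the two non-login defaults
# the article names, i.e. accounts with a usable login shell.
interactive_users() {
    awk -F: '$7 != "/sbin/nologin" && $7 != "/bin/false" { print $1 }' "$1"
}

# Demo on a constructed sample file (not a real ESXi /etc/passwd).
demo=$(mktemp)
cat > "$demo" <<'EOF'
root:x:0:0:Administrator:/:/bin/ash
test:x:500:500:Constructed User:/:/sbin/nologin
EOF
set_user_shell "$demo" test /home/username /bin/bash
grep '^test:' "$demo"
interactive_users "$demo"
rm -f "$demo" "$demo.bak"
```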