vCenter upgrade in vSphere+ could leave extra content in SSH key files.

Article ID: 312128

Updated On:

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

After vCenter is upgraded in vSphere+ (via VMware Cloud Console), the SSH key files in the /etc/ssh directory of the upgraded vCenter can sometimes contain extra content. In such cases, subsequent upgrades can fail with "The operation has been suspended due to a service's restart" or similar errors.

Environment

VMware vSphere ESXi 7.0.x
VMware vSphere ESXi 8.0.x

Cause

During the vCenter upgrade in vSphere+, the SSH key files in the /etc/ssh directory are sometimes not copied correctly to the target VC. As a result, the files might contain some extra content.

Resolution

Follow the steps below:

The SSH key files in /etc/ssh directory must be manually checked for any extra content. The following files must be verified:

/etc/ssh:
-rw------- 1 root root 0 Mar 28 20:42 ssh_host_dsa_key
-rw-r--r-- 1 root root 176 Mar 28 21:36 ssh_host_dsa_key.pub
-rw------- 1 root root 505 Mar 28 21:36 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 176 Mar 28 21:36 ssh_host_ecdsa_key.pub
-rw------- 1 root root 411 Mar 28 21:36 ssh_host_ed25519_key
-rw-r--r-- 1 root root 96 Mar 28 21:36 ssh_host_ed25519_key.pub
-rw------- 1 root root 1823 Mar 28 21:36 ssh_host_rsa_key
-rw-r--r-- 1 root root 396 Mar 28 21:36 ssh_host_rsa_key.pub


Each ".pub" file must contain a single text line that looks like the following (example):
ssh-ed25519 ZDI1WYfVAAAAC3NzaC1lZDI1WYfV6RrkW root@localhost

Any additional lines in the ".pub" files must be removed by editing the file and removing the extra lines.

The files without the ".pub" extension look like the following (example):

-----BEGIN OPENSSH PRIVATE KEY-----
ABG5vbmUAAAAEbm9uZQAAAAAAb3BlbnNzaC1rZXktdjEAAAAAAABAAAAMwAAAAtzc2gtZW
bnNzaC1rZXktdjEAAAABG5vbmUAAAAEbm9uZQAAAAAAb3BlAAAABAAAAMwAAAAtzc2gtZW
djEAAAABG5vbmUAAAAEbm9
-----END OPENSSH PRIVATE KEY-----


If there are any lines after the last "-----END OPENSSH PRIVATE KEY-----", they must be removed by editing the file and removing the extra lines.
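
The manual check described above can also be scripted. The following read-only script is an added example, not part of the original article or any VMware tooling; the function names and the sample key material are assumptions made for illustration, and it generalizes the private key check to any "-----END ... PRIVATE KEY-----" marker.

```shell
#!/bin/sh
# Added example (not VMware tooling): read-only check of SSH host key files.
# Usage: sh check_ssh_keys.sh /etc/ssh   (no argument: run on constructed samples)

# A ".pub" file is clean when it has exactly one non-blank line (type + key data).
check_pub() {
    awk 'NF { n++; f = NF } END { exit !(n == 1 && f >= 2) }' "$1"
}

# A private key file is clean when nothing non-blank follows the last END line.
# Assumption: any "-----END ... PRIVATE KEY-----" marker counts, not only OPENSSH.
check_priv() {
    awk '/^-----END .*PRIVATE KEY-----$/ { seen = 1; extra = 0; next }
         seen && NF { extra++ }
         END { exit !(seen && extra == 0) }' "$1"
}

check_file() {
    case "$1" in
        *.pub) check_pub "$1" ;;
        *)     check_priv "$1" ;;
    esac
}

# Report each ssh_host_* key file in directory $1; fail if any has extra content.
# Empty files (the listing shows a 0-byte ssh_host_dsa_key) are reported apart.
scan_dir() {
    bad=0
    for f in "$1"/ssh_host_*_key "$1"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        if [ ! -s "$f" ]; then echo "EMPTY  $f"
        elif check_file "$f"; then echo "OK     $f"
        else echo "EXTRA  $f"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed sample files with placeholder key material (not real keys).
make_samples() {
    printf '%s\n' 'ssh-ed25519 AAAAEXAMPLE root@localhost' > "$1/ssh_host_ed25519_key.pub"
    printf '%s\n' 'ssh-rsa AAAAEXAMPLE root@localhost' 'leftover line' > "$1/ssh_host_rsa_key.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'EXAMPLE' \
        '-----END OPENSSH PRIVATE KEY-----' 'leftover line' > "$1/ssh_host_rsa_key"
    : > "$1/ssh_host_dsa_key"
}

if [ "$#" -gt 0 ]; then scan_dir "$1"
else d=$(mktemp -d); make_samples "$d"; scan_dir "$d" || true; rm -rf "$d"
fi
```

The private key files are readable only by root, so the script must run as root on the vCenter appliance; it only reports and never edits the files.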

Workaround:
Currently there is no workaround.