Enabling Secure Shell (SSH) Access for Local Users/Domain or AD Users/Groups users on vSphere ESXi Hosts (7.x/8.x)
Article ID: 323375
Updated On:
Products
Issue/Introduction
When attempting to establish an SSH connection to the ESXi host using PuTTY with a non-root user account, the connection fails with the error message 'No Supported authentication methods available (server sent: publickey, keyboard-interactive).'
Environment
VMware vSphere ESXi
Resolution
As a workaround to grant SSH access to a local/Domain user or AD Users/Groups, please follow the steps below:
- Log in to the ESXi host client
- Navigate to Manage>Security & users> Users> Add user (Add desired user name and password)
- Right click on the Host> Permissions
- Add the newly created user, assign a role to the user (For example read-only)
- Log in to the ESXi host through SSH with the root account
- To make changes to the access.conf:
vi /etc/security/access.conf
You will see an output similar to the below (Note: Test is can be a local/Domain Read-only user)# This file is autogenerated and must not be edited. +:dcui:ALL +:root:ALL +:vpxuser:ALL -:Test:ALL -:ALL:ALL- Press I to edit
- Change "-:Test:ALL" to "+:Test:ALL"
- Press ESC
- Then press ":wq!" to save, and try to access the SSH using the locally configured user.
- Retry to log in through another SSH with the newly created user
Additional Information
Please note that this workaround is not persistent. After each host reboot, the SSH access configuration for the specific local user must be reapplied to maintain the desired access.
With this method, we can provide Read and Write SSH access to any user created in ESXI, hence access cannot be restricted to Read-Only SSH.
However, since user is added in Read-Only group, user will have restricted access at UI level.
Feedback
