To correct this issue, modify or restore the
Ciphers line in
/etc/ssh/sshd_config, or revert the file to its default parameters, as found in your running release of ESXi server.
To modify the Ciphers line in
/etc/ssh/sshd_config:
- Log into the ESXi server's shell. For additional instructions, see Using ESXi Shell in ESXi 5.x, 6.x and 7.x
- Navigate to /etc/ssh
- Make a backup copy of the sshd_config file: cp sshd_config sshd_config.bak
- Open the sshd_config file with vi editor. For additional instructions, see Editing files on an ESX host using vi or nano
- Correct the Ciphers line in sshd_config:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc
- Note: This line's default contents varies between major ESXi releases. For ESXi 7.0 GA:
Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
- When finished, restart the SSH service: /etc/init.d/ssh restart
Alternatively, if you have another ESXi server of the same update level that is
not producing errors upon connecting, you can compare its
/etc/ssh/sshd_config configuration file contents with the impacted server's, and make adjustments, accordingly, or even copy the working configuration file to a shared datastore for eventual overwriting on the affected ESXi server(s).