"Access Denied" error when using SSH to login to the vcenter appliance
search cancel

"Access Denied" error when using SSH to login to the vcenter appliance

book

Article ID: 327081

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

When logging in to vCenter Server through SSH fails with Access Denied error, set the default shell for the user to bash.

Symptoms:

  • SSH login to the vCenter Server Appliance fails.
  • The error message displayed is: "Access Denied"

 

You may experience these additional symptoms:

  • You are returned to the login screen.
  • Logging in to the VAMI (https://VC_IP:5480) using same credentials is successful.
  • Using the virtual machine console to log in fails with the error:

    Invalid Shell

    Note: This error is only displayed briefly.
     
  • In the /var/log/messages.log file, you see entries similar to:

    YYYY-MM-DDTHH:MM:SS vc sshd[23037]: User root not allowed because shell /bin/bosh does not exist
 

Environment

VMware vCenter Server 6.x
VMware vCenter Server 7.x
VMware vCenter Server 8.x

Cause

This issue occurs when the default shell for a user is set to an invalid shell.

Follow these steps to verify if the issue is caused by an invalid shell configuration:

  1. Reboot the vCenter Appliance and press the space bar to pause the GRUB menu.
  2. Press e to enter edit mode.
  3. Locate the line that begins with the word Linux.
  4. Append rw init=/bin/bash to the end of the line.
  5. Press F10 to continue the boot process.
  6. Once the appliance has booted, run the following command to remount the root file system with read-write permissions:
    mount -o remount,rw /
  7. Run this command to see the shell settings for the users:
    cat /etc/passwd

    For example:
    ...
    root:x:0:0:root:/root:/bin/appliancesh
    ...
  8. The root entry should be root:x:0:0:root:/root:/bin/appliancesh.

If this entry does not contain /root:/bin/appliancesh review the /root/.bash_history file to see if an invalid shell was set with this command:

less /root/.bash_history

For example:

#1468577177
chsh -s "/bin/bosh" root

Note: In the example above the root user has incorrectly set the shell to "/bin/bosh". The line above is the timestamp of this event in epoch format.

Resolution

Prerequisite: Make sure to have a full backup or a snapshot of the vCenter Appliance before you proceed with the steps below:
If the vCenter is part of ELM then make sure that all the vCenter servers in ELM should take offline snapshot at the same time.

To resolve this issue, set the default shell for the user to bash:

  1. To get into grub reboot vcsa and press e
  2. Add the line init=/bin/bash
  3. Press f10 to continue booting
  4. Set the default Shell to BASH by running this command:
    chsh -s /bin/bash root
     
  5. Restart the appliance with the command:
    reboot

Additional Information

Powered by Wolken Software