"Access Denied" error when using SSH to login to the appliance
search cancel

"Access Denied" error when using SSH to login to the appliance

book

Article ID: 327081

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

When logging in to vCenter Server through SSH fails with Access Denied error, set the default shell for the user to bash.

Symptoms:
  • Using SSH to log in to vCenter Server Appliance fails
  • You see the error:

    Access Denied
Note: For additional symptoms and log entries, see the Additional Information section.


Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 6.7.x
VMware vCenter Server 8.0
VMware vCenter Server Appliance 6.0.x

Cause

This issue occurs when the default shell for a user is set to an invalid shell.

Resolution

To confirm this issue is occurring:

First, shut down the VCSA and take a snapshot.

  1. Start the appliance up and press the space bar to freeze the GRUB menu then press e to enable edit mode.
  2. Locate the line that begins with the word Linux.
  3. Append rw init=/bin/bash to the end of the line.
  4. Press F10 to continue booting.
  5. Run the command: mount -o remount,rw /
  6. Run this command to see the shell settings for the users:
    cat /etc/passwd

    For example:

    ...
    polkituser:x:103:104:PolicyKit:/var/run/PolicyKit:/bin/false
    postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
    root:x:0:0:root:/root:/bin/appliancesh
    ...
  7. The root entry should be root:x:0:0:root:/root:/bin/appliancesh.

If this entry does not contain /root:/bin/appliancesh review the /root/.bash_history file to see if an invalid shell was set with this command:

less /root/.bash_history

For example:

#1468577177
chsh -s "/bin/bosh" root

Note: In the example above the root user has incorrectly set the shell to "/bin/bosh". The line above is the timestamp of this event in epoch format.


To resolve this issue, set the default shell for the user to bash:

  1. Set the default Shell to BASH by running this command:

    chsh -s /bin/bash root
     
  2. Restart the appliance with the command:

    reboot

Additional Information

You experience these additional symptoms:

  • You are returned to the login screen.
  • Logging in to the VAMI (https://VC_IP:5480) using same credentials is successful.
  • Using the virtual machine console to log in fails with the error:

    Invalid Shell

    Note: This error is only displayed briefly.
     
  • In the /var/log/messages.log file, you see entries similar to:

    YYYY-MM-DDTHH:MM:SS vc sshd[23037]: User root not allowed because shell /bin/bosh does not exist



Powered by Wolken Software