SSH access may fail post upgrade to ESXi 7.0 Update 3d
search cancel

SSH access may fail post upgrade to ESXi 7.0 Update 3d


Article ID: 344766


Updated On:


VMware vSphere ESXi



After you upgrade to ESXi 7.0 Update 3d, SSH access might fail with one of the following symptoms:
Issue 1 :-  

  • If "AcceptEnv" option is enabled in /etc/ssh/sshd_config, then SSH access might fail due SSHD process does not start, and you see no response when connecting on the ESXi host. See the resolution section to remove this option.
Issue 2 :- 
  • If any of SSH client uses SHA-1 hash algorithm for example the ssh-rsa HostKeyAlgorithm, then SSH connection to ESXi server will fail. OpenSSH8.8 release note listed this as in Open SSH Release notes 


VMware vSphere ESXi 7.0.3


  • This is due to OpenSSH upgrade to version 8.8 to fix security vulnerability 
  • Product Support Notice was provided in the vSphere 7.0 Update 2 release, please refer the link vSphere 7.0 Update 2 release notes 


Solution for Issue 1 :- 
  • Log on the ESXi host via DCUI 
  • Execute the below command 
    • vi /etc/ssh/sshd_config
    • Comment / Remove the option "AcceptEnv"Screenshot12.png
    • Save and exit using command ":wq!"
    • Restart SSH service 
      • /etc/init.d/SSH restart
Solution for Issue 2 :-
  • Option 1 :- Preferred workaround is to use latest version of the SSH client 
  • Option 2 :- Add the ssh-rsa host key type to the HostKeyAlgorithms line of the configuration file or preferably a more secure key type such as ecdsa or rsa-sha2.
Screenshot 2022-03-29 195134.png

For further details please refer to the OpenSSH release notes