Unable to SSH with ESXi root user
search cancel

Unable to SSH with ESXi root user

book

Article ID: 345091

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

To enable login with SSH using root account.

Symptoms:
  • Login with SSH using root account fails. However, we can login to DCUI and Host Client with the root credentials
  • Login with SSH using admin user is successful.
  • Lockdown mode is disabled.
  • Checked in var/log/vobd.log and verified that there's no root account locking.
  • Below given log snippet from var/log/auth.log
**auth.log**
yy-mm-dd sshd[2103285]: Connection from X.X.X.X port 55338
yy-mm-dd sshd[2103294]: pam_access(sshd:account): access denied for user `root' from `X.X.X.X'
yy-mm-dd sshd[2103294]: [module:pam_lsass]pam_sm_acct_mgmt failed [login:root][error code:2]
yy-mm-dd sshd[2103294]: [module:pam_lsass]Converting error to 40008 for root
yy-mm-dd sshd[2103285]: error: PAM: User account has expired for root from X.X.X.X
yy-mm-dd sshd[2103285]: error: Received disconnect from X.X.X.X port 55338:14: No supported authentication methods available [preauth]
yy-mm-dd sshd[2103285]: Disconnected from authenticating user root X.X.X.X port 55338 [preauth]

Environment

VMware vSphere ESXi 7.0.x
Vmware vSphere ESXi 8.0.x

Cause

Root account not being part of the admin role.

Resolution

Run the below command and check the Role for the root user:
#esxcli system permission list
if the Role for root is set to Custom instead of Admin, please run the below command:
#esxcli system permission set --id root -r Admin

SSH using root account should work afterwards.

Additional Information

Impact/Risks:
No impact