The vRSLCM root password is in a disconnected state under Password Management in the SDDC UI.
The VCF version in use is 4.x or 5.0.x.
The vRSLCM version is 8.14.x.
Existence of weak SHA1 algorithms and ciphers on Aria Suite Lifecycle
Logs snippets on the SDDC Manager /var/log/vmware/vcf/operationsmanager/operationsmanager.log show entries similar to:
1. Snapshot the vRSLCM appliance
2. SSH to the vRSLCM appliance as root user
3. Backup sshd_config
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
4. Edit sshd_config file on the vRSLCM appliance
vi /etc/ssh/sshd_config
5. Add the following key hash algorithms on the 'MACs' line:
hmac-sha2-512,hmac-sha2-256
e.g. # Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],hmac-sha2-512,hmac-sha2-256
AllowGroups wheel
# PermitTTY no
# ForceCommand cvs server
UsePrivilegeSeparation yes
RhostsRSAAuthentication no
DenyGroups cap_vami_users
6. Restart the sshd service
systemctl restart sshd.service