• SSH access with root login may not have been enabled when initially deploying NSX.
  
  
• When attempting to establish an SSH, SCP, or SFTP connection to an NSX-T Manager or Edge node using the root account, the connection is rejected with an "Access Denied" error.
  
  
  
• As the admin user, executing command:  get service ssh  shows root login value enabled and the SSH "service state" as running.
  

The  PermitRootLogin entry is commented out in the /etc/ssh/sshd_config file on the affected NSX appliance, as in the following screenshot:

1. Log in to the NSX-T manager console as root
   
   
2. Edit the SSH service's configuration file:
   
   
   1. Open the file for editing by executing:  

      vi /etc/ssh/sshd_config

       

   2. Modify the configuration:
      
      
      1. Locate the line: "#PermitRootLogin prohibit-password" 
         
         
      2. Replace the line with: "PermitRootLogin yes"
         ^After opening a file with vi, type the letter "i" to enable "Insert" mode where changes can be made. When finished, hit the Esc key to end Insert mode again. *As seen at the bottom of the vi page:
         
         
         
   3. Save the updated configuration. 
      ^While not in Insert mode, type a colon (":") followed by "wq" (means write quit) and hit Enter.
      
      *to exit without applying changes, use "q!" instead. 
      
      
3. Restart the SSH service:
   
   
   • Execute the command:  

     /etc/init.d/ssh restart

*Note: If root login still fails you may need to enable root login after restarting SSH

• As the admin user, execute: 

  set ssh root-login