NSX Appliance SSH Root Login Fails with Access Denied despite the ssh service running and root login being enabled

Article ID: 375479

Updated On:

Products

VMware NSX

Issue/Introduction

  • SSH access with root login may not have been enabled when initially deploying NSX.

  • When attempting to establish an SSH, SCP, or SFTP connection to an NSX-T Manager or Edge node using the root account, the connection is rejected with an "Access Denied" error.


  • As the admin user, running the command get service ssh shows the root login value as enabled and the SSH "service state" as running.

Cause

The PermitRootLogin entry is commented out in the /etc/ssh/sshd_config file on the affected NSX appliance, as in the following screenshot:

 

 

Resolution

  1. Log in to the NSX-T manager console as root

  2. Edit the SSH service's configuration file:

    1. Open the file for editing by executing:  
      vi /etc/ssh/sshd_config

       

    2. Modify the configuration:

      1. Locate the line: "#PermitRootLogin prohibit-password" 

      2. Replace the line with: "PermitRootLogin yes"
        ^After opening a file with vi, type the letter "i" to enter Insert mode, where changes can be made. When finished, press the Esc key to leave Insert mode. *As seen at the bottom of the vi page:


    3. Save the updated configuration. 
      ^While not in Insert mode, type a colon (":") followed by "wq" (write and quit) and press Enter.

      *To exit without applying changes, use "q!" instead.

  3. Restart the SSH service:

    • Execute the command:  
      /etc/init.d/ssh restart


*Note: If root login still fails, you may need to enable root login after restarting SSH:

  • As the admin user, execute: 
    set ssh root-login
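
The edit in step 2 as a script, with a check of the value sshd will actually apply (an added example, not part of the KB; the function names and the sample file are constructed). A commented-out PermitRootLogin line leaves sshd on its built-in default, prohibit-password, which rejects root password logins even while the service is running.

```shell
#!/bin/sh
# Added example, not from the KB; function names and sample file are constructed.

# Print the PermitRootLogin value sshd applies globally for the file in $1.
# sshd skips '#' lines, matches keywords case-insensitively and keeps the
# first value it reads; with no active line the OpenSSH default applies.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # commented out: ignored
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Non-interactive form of the vi edit: keep a backup, replace the commented
# line with an active one, then fail unless the effective value is now "yes".
enable_root_login() {
    cp -p "$1" "$1.bak" || return 1
    sed 's/^#[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin yes/' \
        "$1.bak" > "$1" || return 1
    [ "$(effective_permit_root_login "$1")" = "yes" ]
}

# Constructed sample resembling the affected file.
write_sample() {
    printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' > "$1"
}

cfg=$(mktemp)
write_sample "$cfg"
echo "before: $(effective_permit_root_login "$cfg")"
enable_root_login "$cfg" && echo "after:  $(effective_permit_root_login "$cfg")"
rm -f "$cfg" "$cfg.bak"
```

On the appliance the file is /etc/ssh/sshd_config; running sshd -t before the restart in step 3 catches syntax errors in the edited file.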

 

Additional Information

Also refer to (KB 324233) Enable ssh root access for NSX appliances