SSH root access for NSX-T appliance fails with "Access Denied"

Article ID: 375479


Products

VMware NSX

Issue/Introduction

  • SSH access with root login was not enabled at NSX-T appliance deployment time.
  • Attempts to log in over SSH as the root user fail with an "Access Denied" error.
  • SCP and SFTP also fail with the root login, so files cannot be transferred.
  • As the admin user, executing get service ssh shows "root login" enabled and the SSH "service state" as running.

Environment

  • VMware NSX-T Data Center 3.x
  • VMware NSX 

Cause

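Although SSH was enabled, the root user is not allowed to log in via SSH. PermitRootLogin is commented out in the /etc/ssh/sshd_config file on the affected NSX appliance, as in the following screenshot. With the directive commented out, sshd applies its default of prohibit-password, which rejects password authentication for root.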

 

 

Resolution

  1. Log in to the NSX-T manager console as root
  2. Edit SSH config file:
    • Open the file for editing by executing:  
      vi /etc/ssh/sshd_config
  3. Modify the configuration:
    1. Locate the line: "#PermitRootLogin prohibit-password" 
    2. Replace the line with: "PermitRootLogin yes" 
  4. Restart the SSH service:
    • Execute the command:  
      /etc/init.d/ssh restart

Note: If root login still fails, you may need to enable root login after restarting SSH.

  • As the admin user, execute: 
    set ssh root-login

Note: 

In some cases PermitRootLogin prohibit-password is not commented out. The same workaround above is still required to allow root SSH login, or the SSH service must be restarted.
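
The following is an added example, not part of VMware's article: a shell check that reports which PermitRootLogin value sshd would apply from a given sshd_config, plus the step 3 edit performed on a file with a backup kept. The function names and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the PermitRootLogin value sshd would apply from the global section:
# '#' lines are ignored, the first occurrence of a keyword wins, and an
# absent directive means the OpenSSH 7.0+ default, prohibit-password.
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blanks
        { key = tolower($1) }                       # keywords are case-insensitive
        key == "match" { exit }                     # global section ends here
        key == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "prohibit-password" : val) }
    ' "$1"
}

# Step 3 of the Resolution: turn the first commented or active
# PermitRootLogin line into "PermitRootLogin yes". If none exists, add it
# ahead of any Match block so it stays global. The original is kept as FILE.bak.
enable_root_login() {
    cp -p "$1" "$1.bak" &&
    awk '
        !done && tolower($0) ~ /^[ \t]*#?[ \t]*permitrootlogin([ \t]|$)/ {
            print "PermitRootLogin yes"; done = 1; next
        }
        !done && tolower($1) == "match" { print "PermitRootLogin yes"; done = 1 }
        { print }
        END { if (!done) print "PermitRootLogin yes" }
    ' "$1.bak" > "$1"
}

# Constructed sample mirroring the affected file (not a capture from an appliance).
write_sample() {
    printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' > "$1"
}

f=$(mktemp) && write_sample "$f"
echo "before: $(effective_root_login "$f")"
enable_root_login "$f"
echo "after:  $(effective_root_login "$f")"
rm -f "$f" "$f.bak"
```

On the appliance the file is /etc/ssh/sshd_config, and the new value only takes effect after the SSH service restart in step 4.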

Additional Information

Enable ssh root access for NSX appliances