Unable to take SSH to vCSA - SSH Service gets disabled immediately.
search cancel

Unable to take SSH to vCSA - SSH Service gets disabled immediately.

book

Article ID: 376522

calendar_today

Updated On:

Products

VMware vCenter Server VMware vCenter Server 7.0 VMware vCenter Server 8.0

Issue/Introduction

Symptoms:

  • Unable SSH to vCenter Server Appliance.
  • SSH service gets disabled automatically, even if enabled from either the DCUI or VAMI page.

The following errors are observed in logs:

systemd[1]: Started OpenSSH Daemon.

sshd[8432]: /etc/ssh/sshd_config line 107: FipsMode should be set before Ciphers option

systemd[1]: sshd.service: Main process exited, code=exited, status=255/n/a

systemd[1]: sshd.service: Failed with result 'exit-code'.

systemd[1]: sshd.service: Service RestartSec=100ms expired, scheduling restart.

systemd[1]: sshd.service: Scheduled restart job, restart counter is at 4.

systemd[1]: Stopped OpenSSH Daemon.

 

The following error is seen when checking the sshd service status:

# systemctl status sshd

Environment

vCenter Server Appliance 7.x

vCenter Server Appliance 8.x

Cause

The /etc/ssh/sshd_config file is corrupt or has wrong entries.

Resolution

Follow any of the below methods depending on the situation to modify the sshd_config file.

  • If there is another working VCSA of same version, copy the file or contents of /etc/ssh/sshd_config and replace on problematic VCSA.

Since SSH is down, SCP clients may not work. Use the SCP command to copy the file or, alternatively do the following:

  • Cat sshd_config file in working VC.
  • Copy contents of the file to a notepad.
  • Rename the file created in the problematic VC, as sshd_config.bak
  • Create a new file with same name with vi by running: vi sshd_config (this file should be in the /etc/ssh/ folder only).
  • Copy the text to this newly created file.
  • Save using the command :wq!
Powered by Wolken Software