ESXi Host not compatible with attached Host Profile due to SSH authorized key value mismatch. Error "SSH public key not present in profile for root"

Article ID: 384892

Products

VMware vSphere ESXi
VMware vSphere ESXi 7.0
VMware vSphere ESXi 8.0

Issue/Introduction

  • When a host profile created on an earlier version of vSphere 7.x is applied to ESXi hosts running 8.x, a non-compliance error may be triggered, specifically related to SSH key settings, as follows: SSH public key not present in profile for root
  • The host profile attached to the hosts may not be compatible if the SSH authorized key for the user root is either missing or has a different value.

Environment

VMware vSphere ESXi 7.x
VMware vSphere ESXi 8.x

Cause

SSH keys have been added for the user account on the ESXi host that are either not present in the host profile or have a different value there, so the host is not compliant with the attached profile.

Resolution

To resolve the issue, add the authorized SSH key for the user root to the host profile attached to the host, if the key is a requirement.
Otherwise, remove the key from the authorized_keys file on the ESXi host by following these steps:

1. SSH to the ESXi Host
2. Backup the file using cp /etc/ssh/keys-root/authorized_keys /etc/ssh/keys-root/authorized_keys.bak
3. Clear the contents of the file using the command: echo "" > /etc/ssh/keys-root/authorized_keys

Note:

  • The key can be found on the ESXi host at location /etc/ssh/keys-root/authorized_keys
  • Compare the compliant and non-compliant hosts. If the keys are present on the compliant host, add the authorized_keys to the non-compliant hosts.
  • If the authorized_keys are not present on the compliant host, remove the keys from the non-compliant host.
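
The comparison described in the note can be scripted. The following is an added example, not part of the original article: it assumes the authorized_keys file from each host has been copied to an admin workstation, and the function names and sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article). Run on an admin workstation against
# copies of /etc/ssh/keys-root/authorized_keys taken from each host.

# Print "keytype blob" per key, dropping comments, blank lines, any leading
# options field and the trailing comment, so only key material is compared.
normalize_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1)
                    next
                }
        }' "$1" | sort -u
}

# Print keys authorized in file $2 but absent from file $1.
extra_keys() {
    ref=$(mktemp) && cur=$(mktemp) || return 1
    normalize_keys "$1" > "$ref"
    normalize_keys "$2" > "$cur"
    # FILENAME test (not NR == FNR) stays correct when the reference is empty,
    # which is the case when the compliant host has no keys for root.
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next } !($0 in seen)' "$ref" "$cur"
    rm -f "$ref" "$cur"
}

# Exit status 0 when both files authorize exactly the same set of keys.
same_keys() {
    [ -z "$(extra_keys "$1" "$2")" ] && [ -z "$(extra_keys "$2" "$1")" ]
}

# Constructed sample data: placeholder blobs, not real keys.
work=$(mktemp -d)
printf '\n' > "$work/compliant"            # file cleared with: echo "" > file
cat > "$work/noncompliant" <<'EOF'
# constructed sample
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyOne admin@jump
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedKeyTwo backup
EOF
echo "Keys on the non-compliant host that the compliant host lacks:"
extra_keys "$work/compliant" "$work/noncompliant"
```

Any key printed is one that root's authorized_keys on the non-compliant host accepts but the compliant host does not, so it is the entry to either add to the host profile or remove from the host.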