Remote (LDAP and TACACS+) User Access to Controller Shell Blocked in Avi Load Balancer Version 30.1.x and 30.2.x

Article ID: 386951

Products

VMware Avi Load Balancer

Issue/Introduction

  • LDAP and TACACS+ users are blocked from accessing the Controller shell; instead they are prompted to accept the SSH host key and to enter the local admin password.
  • In version 30.1.x, when a remote (LDAP-authenticated) user runs "attach controller <IP>" to open a bash shell, they are prompted to accept the SSH host key and to enter the local admin password.

Environment

VMware NSX-T AWS GCP Azure

Cause

  • This issue occurs because the remote user is being incorrectly authenticated as the local "admin" user instead of the "avidebuguser." If the remote user happens to have the same password as the "admin" user, the "attach controller" command appears to succeed, but the user is actually logged in as "admin," which is incorrect.

    Example Log Output:
    user@server ~ % ssh cli@avi-controller-fqdn
    
    Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
    All rights reserved.
    
    The copyrights to certain works contained in this software are
    owned by other third parties and used and distributed under
    license. Certain components of this software are licensed under
    the GNU General Public License (GPL) version 2.0 or the GNU
    Lesser General Public License (LGPL) Version 2.1. A copy of each
    such license is available at
    http://www.opensource.org/licenses/gpl-2.0.php and
    http://www.opensource.org/licenses/lgpl-2.1.php
    
    Launching a CLI shell in a container
    Login: remote-user-username
    Password:
    
    [avi-user:ip]: > attach controller <controller-hostname-or-ip>
    FIPS mode initialized
    Warning: Permanently added '<ip address>' (ECDSA) to the list of known hosts.
    
    Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
    All rights reserved.
    
    Permission denied, please try again.
    FIPS mode initialized
    The authenticity of host 'x.x.x.x' can't be established.
    
    Avi Networks software, Copyright (C) 2013-2017 by Avi Networks, Inc.
    All rights reserved.
    
    admin@controller-host-name's password:
    
    The copyrights to certain works contained in this software are
    owned by other third parties and used and distributed under
    license. Certain components of this software are licensed under
    the GNU General Public License (GPL) version 2.0 or the GNU
    Lesser General Public License (LGPL) Version 2.1. A copy of each
    such license is available at
    http://www.opensource.org/licenses/gpl-2.0.php and
    http://www.opensource.org/licenses/lgpl-2.1.php
    Last login: 
    admin@controller-host-name:~$
  • This is a regression introduced in version 30.1.x and 30.2.x that prevents remote users from accessing the Controller shell when using specific authentication methods.
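    As an added example (not part of this article or of the product's own tooling), a small check that scans a captured CLI session after the "attach controller" step for the symptoms described above: a host-key prompt, a password prompt for the local admin account, and a shell prompt showing an account other than avidebuguser. The sample transcript and hostnames are constructed; the expected account name avidebuguser is taken from the Cause text.

```python
import re

# Constructed sample transcript mirroring the symptom described in this article:
# after "attach controller" the session asks for the host key and the admin password,
# and the resulting shell belongs to "admin" rather than "avidebuguser".
SAMPLE_TRANSCRIPT = """\
[avi-user:10.0.0.5]: > attach controller 10.0.0.5
FIPS mode initialized
Warning: Permanently added '10.0.0.5' (ECDSA) to the list of known hosts.
Permission denied, please try again.
admin@avi-ctrl's password:
Last login: Mon Jan  1 00:00:00 2024
admin@avi-ctrl:~$ id -un
admin
"""

EXPECTED_SHELL_USER = "avidebuguser"  # account a remote user should land in (per the article)

ATTACH_RE = re.compile(r"attach controller\s+\S+")
HOSTKEY_RE = re.compile(r"Permanently added|authenticity of host .* can't be established")
ADMIN_PW_RE = re.compile(r"^admin@\S+'s password:", re.M)
PROMPT_RE = re.compile(r"^(\w+)@[\w.-]+:~\$", re.M)  # "user@host:~$" shell prompt


def analyze_attach_session(transcript: str) -> dict:
    """Inspect the part of a CLI transcript that follows 'attach controller' and
    report whether it shows the wrong-account symptom from this article."""
    m = ATTACH_RE.search(transcript)
    if not m:
        return {"attach_seen": False, "affected": False, "indicators": [], "shell_user": None}
    after = transcript[m.end():]
    indicators = []
    if HOSTKEY_RE.search(after):
        indicators.append("host-key prompt after attach")
    if ADMIN_PW_RE.search(after):
        indicators.append("local admin password prompt")
    prompts = PROMPT_RE.findall(after)
    shell_user = prompts[-1] if prompts else None  # account shown by the last shell prompt
    if shell_user is not None and shell_user != EXPECTED_SHELL_USER:
        indicators.append(f"shell opened as '{shell_user}', expected '{EXPECTED_SHELL_USER}'")
    return {"attach_seen": True, "affected": bool(indicators),
            "indicators": indicators, "shell_user": shell_user}


if __name__ == "__main__":
    print(analyze_attach_session(SAMPLE_TRANSCRIPT))
```

Run it against a session log captured from a remote user's "attach controller" attempt; an "affected" result with a shell user of "admin" matches the regression this article describes.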

Resolution

  • Upgrade to Patch Version 30.2.2-2p2
  • Upgrade to 31.1.1 or 30.2.3 (Maintenance Release)

Additional Information