- SSH is enabled via host UI

- Lockdown mode is not enabled

- Error seen when attempting to connect "Permission denied (publickey, keyboard-interactive)."

ESXi 7.x

Due to security hardening in the environment usepam setting, found in /etc/ssh/sshd_config,was set to 'no', 

PAM must be enabled in order to prompt for password. 

This can be verified by running the following command on the host:

grep -ir usepam /etc/ssh/sshd_config

Note: Please take a backup of the configuration prior to making changes:

 mv /etc/ssh/sshd_config  /etc/ssh/sshd_config.bak

Modify /etc/ssh/sshd_config and set usepam to yes with the following steps. 

1. Access the CLI of the host  using DCUI, idrac , ILO, etc

2. Use vi to modify  /etc/ssh/sshd_config

3. Find the setting "usepam" and change it to yes. 

4. Save changes to the file and restart the ssh service 

/etc/init.d/SSH restart