Users are prompted to enter the password twice during SSH login to vCenter
search cancel

Users are prompted to enter the password twice during SSH login to vCenter

book

Article ID: 394111

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Any user with `shell=/bin/appliancesh` ssh to the vc the password is prompted twice
  • VC configured with 3rd party PAM authentication(Ex:CyberArk,Arcon etc)  might also prompt for password.
  • Journalctl (journalctl -b -0 | less) logs reports below errors:

Mar xx xx:xx:xx VC_FQDN snmpd[2175]: P3 13771: init_partition_mounts: read /proc/mounts failed, hrPartitionFSIndex offline, will report 0
Mar xx xx:xx:xx VC_FQDN vpxd[11582]: Event [941831] [1-1] [2025-03-17T11:17:17.211488Z] [vim.event.UserLogoutSessionEvent] [info] [VSPHERE.LOCAL\Administrator] [] [941831] [User VSPHERE.LOCAL\Admin
[email protected] logged out (login time: Monday, 17 March, 2025 10:46:58 AM, number of API invocations: 3, user agent: vAPI/2.100.0 Java/1.8.0_412 (Linux; 5.10.219-3.ph4; amd64))]
Mar xx xx:xx:xx VC_FQDN cli[3245764]: vmware.vherd.linux_cli.cli Error getting authentication cookie from applmgmt service. Verify that the applmgmt service is running and that the method requested
 to obtain the cookie requires authentication.
Mar xx xx:xx:xx VC_FQDN sshd[3245726]: pam_mgmt_cli(sshd:auth): auth script returned error (251): Error getting authentication cookie from applmgmt service.
Mar xx xx:xx:xx VC_FQDN CROND[3246107]: (root) CMD (. /usr/lib/applmgmt/backup_restore/scripts/backup-restore-cron-loader.sh ; /usr/lib/applmgmt/monitoring/scripts/alarm_cron.py >>/var/log/vmware/a
pplmgmt/alarm_cron.log 2>&1)

  • Log file /var/log/vmware/applmgmt/applmgmt.log will show similar entries to: 

xxxx-xx-xxTxx:xx:xx PM IST [24090]DEBUG:vmware.vherd.transport.authentication:No cookie in request
xxxx-xx-xxTxx:xx:xx PM IST [24090]DEBUG:vmware.vherd.transport.authentication:Verifying credentials against Linux PAM of user: XXXXXXX302
xxxx-xx-xxTxx:xx:xx PM IST [24090]DEBUG:vmware.vherd.transport.authentication:faillock.get b'Login           Failures    Latest failure      From\USER_NAME          3       2025-03-17 14:55:48    passwd\n'

  • Log file /var/log/vmware/messages will show similar entries to:

xxxx-xx-xxTxx:xx:xx.xxxxxx+xx:xx VC_FQDN snmpd[2175] P3 13771: init_partition_mounts: read /proc/mounts failed, hrPartitionFSIndex offline, will report 0
xxxx-xx-xxTxx:xx:xx.xxxxx+xx:xx VC_FQDN cli: vmware.vherd.linux_cli.cli Error getting authentication cookie from applmgmt service. Verify that the applmgmt service is running and that the method requested to obtain the cookie requires authentication.
xxxx-xx-xxTxx:xx:xx.xxxxxx+xx:xx VC_FQDN sshd[3245726] pam_mgmt_cli(sshd:auth): auth script returned error (251): Error getting authentication cookie from applmgmt service.

Environment

vCenter Server 8.0.3

Cause

The double password prompt during SSH login is caused by vCenter sudo privilege escalation configuration.

Resolution

The issue is fixed in 8.0U3e.

For versions before 8.0U3e, perform the following steps to fix it:

  1. Take a online snapshot of vCenter ( If the vCenter are in ELM-Offline snapshots is Mandatory Ref:VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice)
  2. SSH to the vCenter with root user
  3. Open the file /usr/lib/applmgmt/base/py/vmware/vherd/base/utils.py using vi
  4. Change the below lineļ¼š
     
    proc = subprocess.Popen(['sudo', support_script],
    stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    to

    proc = subprocess.Popen(['sudo', '/bin/sudo_py_vmw_path_pp_wrapper.sh', support_script],
    stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    Note: Please retain the original indentation

  5. Restart the appliance management service executing command:

    service-control --restart applmgmt
Powered by Wolken Software