Unable to SSH into node for Aria Orchestrator with Error : "Access Denied : Incorrect password"
search cancel

Unable to SSH into node for Aria Orchestrator with Error : "Access Denied : Incorrect password"

book

Article ID: 398816

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • The Aria Orchestrator node is not accessible by SSH. Fails with  Error : "Access Denied : Incorrect password"
  • The same password is in use for control center and it is accessible successfully.
  • The journalctl -u sshd.service, showed errors related to {key_dir}, stating "Unable to load host key."
  • The SSHD service failed to start because the daemon had no host keys available for use.

Environment

  • VMware Aria Automation 8.x
  • VMware Aria Orchestrator 8.x

Cause

  • This is caused by the corrupted sshd_config_effective file 

Resolution

To resolve the issue, restore the sshd configurations from the sshd_config_desired file. 

  • Backup the existing contents of  /etc/ssh/sshd_config_effective file 
    cp  /etc/ssh/sshd_config_effective  /etc/ssh/sshd_config_effective_old 
  • Validate that the sshd_config_desired file has all the required contents. 
    • Key content validations for SSH with root user:
      • PermitRootLogin yes → Enables direct root login.
      • PasswordAuthentication yes → Allows password-based logins.
      • ListenAddress 0.0.0.0/:: → Ensures SSH is accessible from all regions / networks (Depends on reachability required).
  • Copy the contents of the sshd_config_desired from into the /etc/ssh/sshd_config_effective file
    cp  /etc/ssh/sshd_config_desired  /etc/ssh/sshd_config_effective
  • restart the sshd service
    sudo systemctl restart sshd.service
  • If the sshd.service is running healthily, skip this step. If the sshd.service still complains with errors related to {key_dir}, stating "Unable to load host key." Follow the below procedure to recreate the hostKeys
    • Identify the host keys sshd expects:
      grep ^HostKey /etc/ssh/sshd_config_effective
    • Check if those files exist
      ls -l /etc/ssh/ssh_host_*
    • Generate missing host keys:
      sudo ssh-keygen -A
      Note: This regenerates all missing host keys (RSA, ECDSA, Ed25519).
    • Fix file ownership and permissions as the private keys must be owned by root:root and 600:
      sudo chown root:root /etc/ssh/ssh_host_*
      sudo chmod 600 /etc/ssh/ssh_host_*_key
      Public keys (*.pub) can be 644.
    • Restart sshd.service
      sudo systemctl restart sshd.service
      sudo systemctl status sshd.service
  • Attempt to access the node via ssh now.
Powered by Wolken Software