SSH public-key authentication fails between controller nodes after Azure Marketplace deployment

Article ID: 426440

Products

VMware Avi Load Balancer

Issue/Introduction

  • Cluster configuration fails in an Azure cloud environment because SSH between controller nodes prompts for a password despite public-key authentication being enabled in sshd_config.

Environment

  • Avi version: 30.2.x, 31.1.x 
  • Azure Cloud Only

Cause

  • When controllers are deployed from the Azure Marketplace, the file /etc/ssh/sshd_config on each controller may be modified (likely by cloud-init), removing the AuthorizedKeysFile setting. This prevents the SSH daemon from locating users' authorized keys, forcing password prompts.

Resolution

Manually add the missing AuthorizedKeysFile line to /etc/ssh/sshd_config on each controller node and restart sshd.service.

Steps to apply the workaround

  1. SSH into each controller node (use password authentication if key-based authentication fails).
  2. Open /etc/ssh/sshd_config in a text editor (for example, vi):
    • sudo vi /etc/ssh/sshd_config
  3. Add (or restore) the following line if it is missing:
    • AuthorizedKeysFile /etc/ssh/authorized_keys_%u .ssh/authorized_keys
  4. Save the file and exit the editor.
  5. Restart the SSH daemon:
    • sudo systemctl restart sshd.service
  6. Verify key-based SSH from the controller nodes to each other:
    • From controller A: ssh controller-b (should not prompt for a password)
    • Repeat for other node pairs.

Notes and verification

  • After applying the change and restarting sshd.service, SSH between controller nodes should work without prompting for a password and cluster creation should proceed successfully.

Additional Information

  • This change is a manual workaround. 
  • If environments re-provision controllers (e.g., redeploy from marketplace or run a configuration management job), re-check the sshd_config to ensure the AuthorizedKeysFile line persists.
  • Ensure any automation that manages SSH config is updated to include this setting if necessary.
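
The workaround steps and the re-check advice above can be combined into one idempotent script. This is an added example, not vendor code: the function names and the `--apply` flag are hypothetical, and it goes one step beyond the article by placing the line before any `Match` block, since sshd applies directives that follow a `Match` line only to that block.

```shell
#!/bin/sh
# Added example (not vendor code): idempotent form of the manual workaround.
# The directive value is the one given in the article.
WANT='AuthorizedKeysFile /etc/ssh/authorized_keys_%u .ssh/authorized_keys'

# has_akf FILE: succeed only if an uncommented AuthorizedKeysFile directive
# appears in the global section, i.e. before the first Match block.
has_akf() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "authorizedkeysfile" { found = 1; exit }
         END { exit !found }' "$1"
}

# ensure_akf FILE: restore the directive if missing; prints "present" or
# "added". A backup of the original is kept as FILE.bak before any change.
ensure_akf() {
    if has_akf "$1"; then echo present; return 0; fi
    cp -p "$1" "$1.bak" || return 1
    awk -v want="$WANT" '
        !done && tolower($1) == "match" { print want; done = 1 }
        { print }
        END { if (!done) print want }' "$1.bak" > "$1" ||
        { cp -p "$1.bak" "$1"; return 1; }
    echo added
}

# Touch the live config only when asked (run as root). Validate with
# "sshd -t" before restarting so a bad file never takes down the daemon
# you are connected through; roll back to the backup if validation fails.
if [ "${1:-}" = "--apply" ]; then
    cfg=/etc/ssh/sshd_config
    state=$(ensure_akf "$cfg") || exit 1
    echo "AuthorizedKeysFile: $state"
    if ! sshd -t -f "$cfg"; then
        if [ "$state" = added ]; then cp -p "$cfg.bak" "$cfg"; fi
        exit 1
    fi
    if [ "$state" = added ]; then systemctl restart sshd.service; fi
fi
```

Run with `--apply` on each controller node; a second run reports `present` and changes nothing, which makes it suitable as a post-provisioning check.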