SSH to SDDC Manager fails with "Access Denied" or "PAM Authentication Failure"

Article ID: 433916

Products

VMware SDDC Manager / VCF Installer

Issue/Introduction

Scenario 1: SSH fails immediately with "Access Denied" or "PAM Authentication Failure" in the logs.

  • sddc_bash_console# systemctl status sshd
    PAM: Authentication failure for root on #.#.#.#

Scenario 2: You are prompted for a password, but after entering it, the terminal returns: ssh: connect to host <sddc_manager_fqdn> port 22: Connection refused (or "Unable to connect").

This occurs for both the root and vcf user accounts, even though:

  • Login to the SDDC Manager UI (https://sddc.example.com/ui) is successful.
  • Login to the SDDC Manager via the vCenter HTML5 console or VMRC bash shell is successful.

Environment

VCF 5.2.x

SDDC 5.2.x

SDDC 9.0.2

Cause

  1. Root SSH Restriction: By default, direct SSH access for the root account is disabled on SDDC Manager for security. This is expected behavior.
  2. Account Lockout: The vcf user account may be locked due to multiple failed login attempts or may have an expired password.

Resolution

Follow these steps to unlock the vcf account and restore SSH access:

  1. Access the Console: Open the SDDC Manager VM console in vCenter using the Web Browser console or VMware Remote Console (VMRC).
  2. Log In: Log in to the bash shell as the root user.
  3. Unlock the vcf Account: Clear any authentication failure locks using the faillock utility.
    • /usr/sbin/faillock --user vcf --reset

  4. Reset the vcf User Password: Synchronize or update the vcf credentials.
    • passwd vcf

  5. Verify SSH Connectivity: Attempt to SSH to the SDDC Manager using the vcf user.
    • ssh vcf@<sddc_manager_fqdn>

  6. Switch to Root: Once logged in as vcf, use the su command to switch to the root user if administrative access is required:
    • su -
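
A read-only pre-check for the two causes above, as an added example that is not part of the original article: it reports the effective PermitRootLogin setting, the recorded faillock failures for vcf, and whether the vcf password has aged out. The function names, the `--live` switch and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): read-only triage for the causes above.
# The parsers take command output as text so they can be checked offline.

# Count valid failure records (last column "V") in `faillock --user <name>` output.
count_faillock_failures() {
    printf '%s\n' "$1" | awk '$NF == "V" { n++ } END { print n + 0 }'
}

# Classify one shadow(5) entry. $2 = today as days since 1970-01-01.
# Prints "never", "expired" or "ok".
password_state() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '{
        # field 3 = day of last change, field 5 = maximum password age in days
        if ($3 == "" || $5 == "" || $5 >= 99999) print "never"   # aging disabled
        else if ($3 == 0 || $3 + $5 < today)     print "expired" # 0 = change at next login
        else                                     print "ok"
    }'
}

# Effective PermitRootLogin value from `sshd -T` output.
root_login_setting() {
    printf '%s\n' "$1" | awk 'tolower($1) == "permitrootlogin" { print $2; exit }'
}

# Constructed sample data (not captured from a real appliance).
SAMPLE_FAILLOCK='vcf:
When                Type  Source        Valid
2025-01-10 09:14:02 RHOST 192.0.2.10        V
2025-01-10 09:14:09 RHOST 192.0.2.10        V
2025-01-10 09:14:15 RHOST 192.0.2.10        V'
SAMPLE_SHADOW='vcf:$6$CONSTRUCTED$HASH:19900:0:90:7:::'
SAMPLE_SSHD='port 22
permitrootlogin no'

# Live run from the appliance console as root: sh triage.sh --live
if [ "${1:-}" = "--live" ]; then
    today=$(( $(date +%s) / 86400 ))
    echo "PermitRootLogin:   $(root_login_setting "$(/usr/sbin/sshd -T 2>/dev/null)")"
    echo "faillock failures: $(count_faillock_failures "$(/usr/sbin/faillock --user vcf)")"
    echo "password state:    $(password_state "$(getent shadow vcf)" "$today")"
fi
```

The `--reset` in step 3 clears the failure records, so run `/usr/sbin/faillock --user vcf` first and keep the source addresses if the lockout was not caused by a known administrator.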

Additional Information

Instructions on how to reset the vcf and root user accounts for SDDC Manager.