7 Replies Latest reply on Sep 23, 2013 9:48 PM by SatyS

    Cannot ssh into ESXi 5 host

    DZ1 Hot Shot

      I had to do some security hardening on a host and now I cannot ssh into it.  I can revert what I have done, but I want to pinpoint what line in the sshd_config file is causing this.  I'll list out what I have:


      The SSH Server is checked and running under Firewall, and ssh and ESXi shell are running on the host under Security Profile

      I can log in to the host via the HP Onboard Administrator, both to the DCUI and the shell

      I am using PuTTY and I set the Encryption cipher selection policy to 3DES, and I tried to set the SSH protocol version to 2 only; I went back and forth between 2 only and just selecting 2

      I can log in to the host directly with root and with an admin account I set up, and to the shell and DCUI

      I know that root is not permitted to ssh into the host since PermitRootLogin is set to no; I am trying my secondary account


      I immediately receive an error "Server unexpectedly closed the network connection", so it's stopping me before I can input anything.


      Lastly, the ESXishelltimeout is at 900 seconds


      I'm sure it's the sshd_config file since I edited it right before I had this issue.


      Thanks for any input.


      sshd file:


      # running from inetd
      # Port 2200
      Protocol 2
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_dsa_key

      UsePrivilegeSeparation yes

      SyslogFacility auth
      LogLevel info

      PermitRootLogin no

      PrintMotd yes
      PrintLastLog no

      TCPKeepAlive yes

      X11Forwarding no

      Ciphers 3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr

      MACs hmac-sha1

      AllowTCPForwarding no

      GatewayPorts no

      GSSAPIAuthentication no

      KerberosAuthentication no

      AcceptEnv LOCALE

      PermitUserEnvironment no

      PermitTunnel no

      MaxSessions 1

      StrictModes yes

      RhostsRSAAuthentication no

      Compression no

      UsePAM yes
      # only use PAM challenge-response (keyboard-interactive)
      PasswordAuthentication no

      Banner /etc/issue

      Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server

      AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys

      # Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
      # Hence, we get a  3 * 200 = 600 seconds timeout if the client has been
      # unresponsive.
      ClientAliveInterval 200
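
An added example, not part of the original post or thread: sshd stops with a configuration error when a Ciphers or MACs entry names an algorithm the build does not implement, and when sshd is launched from inetd that appears to the client as the connection closing before any prompt. The sketch below lints those two directives; the function name `unknown_algorithms` and the `KNOWN` name sets are assumptions constructed from OpenSSH's documented algorithm lists, not taken from the ESXi build.

```python
# Added example (not from the thread): lint the Ciphers/MACs lines of an sshd_config.
# KNOWN is a constructed set of names from OpenSSH's documented algorithm lists;
# it is an assumption about the server build, so compare it with the manual
# page of the OpenSSH version actually installed on the host.
KNOWN = {
    "ciphers": {
        "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
        "aes128-ctr", "aes192-ctr", "aes256-ctr",
        "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc",
        "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
        "chacha20-poly1305@openssh.com",
    },
    "macs": {
        "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
        "hmac-ripemd160", "hmac-sha2-256", "hmac-sha2-512",
        "umac-64@openssh.com", "umac-128@openssh.com",
    },
}

# Constructed sample: the algorithm lines from the posted configuration.
SAMPLE = """\
Protocol 2
Ciphers 3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1
"""

def unknown_algorithms(config_text):
    """Return (line_no, keyword, name) for each listed name missing from KNOWN."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no directive
        fields = line.split(None, 1)
        keyword = fields[0]
        # sshd_config keywords are case-insensitive; algorithm names are not.
        if keyword.lower() not in KNOWN or len(fields) < 2:
            continue
        for name in fields[1].split(","):
            name = name.strip()
            if name and name not in KNOWN[keyword.lower()]:
                findings.append((line_no, keyword, name))
    return findings

if __name__ == "__main__":
    for line_no, keyword, name in unknown_algorithms(SAMPLE):
        print(f"line {line_no}: {keyword} lists unrecognised name {name!r}")
```

On the host itself, running the sshd binary with `-t` performs the authoritative version of this check, because it parses the file with the same code that serves connections.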