richardjjohnson
Contributor
Contributor

Access Denied with SSH/Putty after applying update 1 of ESX 3.02

Jump to solution

I don't know if anyone can help.

I've had an ESX server working like a dream for the last few months. I've been able to access the console via SSH (after changing the allowroot sshd setting of course).

After applying update 1, I am now unable to do this. Everytime I enter the password, I get 'access denied'.

I've checked the config file and it is still set to allow root, so nothing wrong there.

I'm able to access the VIC with the root account so I'm definately not getting the password wrong.

Any ideas guys?

Many thanks,

Richard

0 Kudos
1 Solution

Accepted Solutions
Abaronov
Enthusiast
Enthusiast

Are you able to create a new ordinary (none-root) account through VIC or RootAccess ()? Are you then able to use this account and su/sodo in putty?

Thanks,

Andrei

View solution in original post

0 Kudos
9 Replies
Rajeev_S
Expert
Expert

Richard: Try restarting the sshd service. I Dont think its dependent on any other service.

richardjjohnson
Contributor
Contributor

This is a no go I'm afraid as I am unable to get any kind of console session. I can't even get a logon via the physical console - Alt-F1 doesn't do anything.

When I try to log in via Putty, I do get a login screen (so ssh must be working right?). I just get the 'access denied' message.

All VM guest are working fine though.

0 Kudos
Abaronov
Enthusiast
Enthusiast

Are you able to create a new ordinary (none-root) account through VIC or RootAccess ()? Are you then able to use this account and su/sodo in putty?

Thanks,

Andrei

0 Kudos
richardjjohnson
Contributor
Contributor

Thank you both. I'm not sure why, but running update 1 changed the rights of my root account.

The veeam tool did the trick on giving the rights back again.

Many thanks,

Richard

0 Kudos
esiebert7625
Immortal
Immortal

Maybe the update overwrote the /etc/ssh/ssh_config file which is where the PermitRootLogin setting is contained.

-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-

Thanks, Eric

Visit my website:

-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-

0 Kudos
Graham_Lord
Contributor
Contributor

You need to set "PermitRootLogin yes" in /etc/ssh/sshd_config

then restart the sshd service.

0 Kudos
craiglawyer
Contributor
Contributor

That'll work but it's more secure to login as something other than root and then su once you're logged in.

0 Kudos
Graham_Lord
Contributor
Contributor

Agreed - always use the su switch !!!

Graham Lord

IT Specialist

VmWare ESX/Vi3 BPG

IT Architect Affiliate

Wintel Service Line

ITDelivery - Server Systems Operations - UKISA

IBM Global Services

Lennox Wood

Southwater Business Park

Southwater

West Sussex RH13 9JJ

Internal 215125 / External +44(0)1403 825125

Mobile.: +44(0)7734 325344 / Mobex: 279494

EMail: Graham Lord/UK/IBM@IBMGB / Graham.Lord@UK.IBM.COM

craiglawyer <communities-emailer@vmware.com>

02/11/2007 16:47

To

Graham Lord/UK/IBM@IBMGB

cc

Subject

http://ESX Server 3.x Configuration New message: "Access Denied with SSH/Putty

after applying update 1 of ESX 3.02"

Graham Lord,

A new message was posted in the thread "Access Denied with SSH/Putty after

applying update 1 of ESX 3.02":

http://communities.vmware.com/message/785459

Author : craiglawyer

Profile : http://communities.vmware.com/people/craiglawyer

Message:

0 Kudos
SafetyMan
Contributor
Contributor

MORE INFORMATION To avoid this problem in the future:

To distinguish whether you forgot the password or if the remote login has been turned off,

You can do a couple things:

1&gt;use putty to login (if denied, it means you can not remotely login and you may have forgotten the password)

2&gt;type the ip address of the server into the URL, click login to web access .

(if denied, it means you forgot the password. In other words you will have to reset the root password)

3&gt;login to the physical machine with a keyboard attached and monitor attached to it.

(if denied, it means you forgot the password. In other words you will have to reset the root password)

excellent article on how to reset the root password:

We can do two things to avoid this problem(remote login) from happening in the future

================================================================

1&gt;During installation of a new VMWARE ESX INSTALLATION, we could tick the box

which says "GRANT SHELL ACCESS", or when you create a new user; make sure

tick the box for "Grant Shell Access". VMWARE Recommends created an additional

account outside of root for logging into the box, then when needing root access level

security use the "su" command to switch the user.

2&gt;*********************************************************************

BEFORE YOU DO THIS, MIGRATE ALL MACHINES ON THIS HOST TO ANOTHER ESX BOX

IN THE CLUSTER

***********************************************************************

After you physically install the new ESX BOX and when you forgot to tick the "Grant Shell Access" box,

You can adjust a configuration file. To note: to be able to do this, you need to be physically

Attached the box with a monitor and keyboard.

What configuration file do you need to adjust?

You need to set "PermitRootLogin yes" in /etc/ssh/sshd_config

Next: restart the sshd service or reboot the box.

&gt;nano sshd_config (nano is a text editor for linux)

&gt;switch the command from "no" to "yes"

&gt;&lt;cntl&gt;&lt;x&gt; choose to save the file

===================================================================

IMPORTANT -


do not edit the ssh_config file this command

is located in the sshd_config file

===================================================================

OTHER REFERENCES:

http://communities.vmware.com/thread/144634

Thanks,

Doug Lubey of Louisiana

SEARCH ENGINE REFERENCES

======================

putty esx 3.5 access denied

forgot administrator password

reset administrator password in VMWARE LINUX

reset root password for UNIX

reset password for the ROOT VMWARE LOGIN ACCOUNT

0 Kudos