aj800
Enthusiast

Cannot SCP certificate files to VCSA

I tried to upload a certificate set to our VCSA using the GUI and root account (Administrator).  I didn't realize that I had to combine the root and intermediate files into one, so after uploading, resetting and following a guide I found, then rebooting the VCSA, the browser would not connect and showed the following error in Chrome: NET::ERR_CERT_AUTHORITY_INVALID

So, I tried to reset everything in the CLI but got errors doing that. Now I'm trying to copy the appended cert file to the VCSA, but when I follow the instructions to do that (changing the shell access to allow SCP), whenever I try to SCP the file, I get "Unknown command 'scp'" after it prompts me with the login and password. I did the following:

On the VCSA appliance:

Command> shell.set --enable True

Unknown command: `shell.set'

Command> shell.set --enable true

Unknown command: `shell.set'

Command> shell

Shell access is granted to root

root@myvcsa [ ~ ]# chsh -s /bin/bash root

You are required to change your password immediately (root enforced)

chsh: PAM: Authentication token is no longer valid; new one required

root@myvcsa [ ~ ]# exit

logout

Command> exit

Connection to myvcsa.my.network.com closed.

Trying to SCP the file from another Linux host:

$ scp /Documents/VMware/Certificates//Certificate_And_Intermediate_Combined.crt root@myvcsa.my.network.com:/var/tmp/cert-temp

root@myvcsa.my.network.com's password:

Unknown command: `scp'

Yesterday when I tried this, at least the first part didn't throw back an error (shell.set --enable True), but even then it still gave me the same error.

I need to update these certs ASAP. Any help would be appreciated. Thanks.

EDIT:  I was able to SCP the files to the VCSA using the VCSA appliance shell from the host I was trying to copy from originally.  Not sure why I could not copy to the VCSA from the host.

0 Kudos
3 Replies
RajeevVCP4
Expert

try this

https://blog.ukotic.net/2016/09/20/scp-to-a-vcenter-server-appliance-vcsa/

How to allow Shell and SCP access in vCenter 6 Appliance | VIRTUALIZATION BLOG

Rajeev Chauhan
VCIX-DCV6.5/VSAN/VXRAIL
Please mark helpful or correct if my answer is useful for you
0 Kudos
Devon121
Contributor

When I was trying to copy the files using WinSCP or SCP from the other Linux to upload the certificate files to the vCenter Server Appliance krogerfeedback.

0 Kudos
Vijay2027
Expert

The below error basically means your root password is expired. Reset the root password and change shell.

root@myvcsa [ ~ ]# chsh -s /bin/bash root

You are required to change your password immediately (root enforced)

chsh: PAM: Authentication token is no longer valid; new one required

Once you change shell, run cat /etc/passwd | grep -i root and make sure the shell is /bin/bash.

0 Kudos
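Added example, not part of any reply in this thread: a pre-flight check for the two conditions the last answer names (root's login shell and an expired root password), written against passwd/shadow-format files. The function names and sample data are constructed for illustration, and it assumes the appliance's default root shell is /bin/appliancesh, which the thread itself does not state.

```shell
#!/bin/sh
# Pre-flight before SCP to a VCSA (added example; names are hypothetical).

# Print the login shell (7th field) of user $2 from passwd-format file $1.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Print password-aging state of user $2 from shadow-format file $1.
# $3 is today's date in days since 1970-01-01.
# Output: must-change (last-change field is 0), expired, or ok.
password_state() {
    awk -F: -v u="$2" -v today="$3" '
        $1 == u {
            if ($3 != "" && $3 == 0)                        print "must-change"
            else if ($3 != "" && $5 != "" && $3 + $5 < today) print "expired"
            else                                            print "ok"
        }' "$1"
}

# Return 0 only when root can chsh and scp will not hit the appliance shell.
scp_preflight() {
    rc=0
    shell=$(login_shell "$1" root)
    state=$(password_state "$2" root "$3")
    if [ "$state" != "ok" ]; then
        echo "root password is $state: reset it with passwd before chsh"
        rc=1
    fi
    if [ "$shell" != "/bin/bash" ]; then
        echo "root shell is $shell: scp will be rejected until chsh -s /bin/bash root"
        rc=1
    fi
    return $rc
}

# Constructed sample data (not taken from a real appliance).
tmp=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/appliancesh\n' > "$tmp/passwd"
printf 'root:$6$constructed:18000:0:90:7:::\n' > "$tmp/shadow"
scp_preflight "$tmp/passwd" "$tmp/shadow" 19000 || echo "not ready for scp"

# On the appliance itself (as root):
#   scp_preflight /etc/passwd /etc/shadow "$(( $(date +%s) / 86400 ))"
```
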