VMware Cloud Community
scottsisco
Contributor
Contributor
‎05-18-2019 01:55 PM

ssh -i /root/.ssh/id_esxi root@HOSTIP "esxcli storage core adapter list" permission denied after upgrade to 6.5

Hi

I upgraded from ESXi 6 to ESXi 6.5.0 Update 1 (Build 8285314) last evening and everything seems to be functioning with on exception. I used to be able to interact with esxcli the following way over ssh.

ssh -i /root/.ssh/id_esxi root@HOSTIP "esxcli storage core adapter list"

However, I now get the following error.

Error: Permission to perform this operation was denied..

The error seems to be some sort of security setting because other commands work just fine. For example,

ssh -i /root/.ssh/id_esxi_freenas root@192.168.1.128 "ls /vmimages"

floppies

tools-isoimages

If I use passwordless ssh to the server and then run esxcli I have no problems.

ssh -i /root/.ssh/id_esxi_freenas root@HOSTIP

esxcli storage core adapter list

HBA Name  Driver       Link State  UID                                   Capabilities         Description

--------  -----------  ----------  ------------------------------------  -------------------  -------------------------------------------------------------------------------------

vmhba0    vmw_ahci     link-n/a    sata.vmhba0                                                (0000:00:11.0) ATI Technologies Inc SB700 SATA Controller [IDE Mode]

vmhba1    pata_atiixp  link-n/a    ide.vmhba1                                                 (0000:00:14.1) ATI Technologies Inc SB700/SB800 IDE Controller

vmhba2    sata_sil     link-n/a    sata.vmhba2                                                (0000:01:03.0) Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller

vmhba64   iscsi_vmk    online      iqn.1998-01.com.vmware:esxi-20145e62  Second Level Lun ID  iSCSI Software Adapter

vmhba33   pata_atiixp  link-n/a    ide.vmhba33                                                (0000:00:14.1) ATI Technologies Inc SB700/SB800 IDE Controller

vmhba34   sata_sil     link-n/a    sata.vmhba34                                               (0000:01:03.0) Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller

vmhba35   sata_sil     link-n/a    sata.vmhba35                                               (0000:01:03.0) Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller

vmhba36   sata_sil     link-n/a    sata.vmhba36                                               (0000:01:03.0) Silicon Image, Inc. SiI 3114 [SATALink/SATARaid] Serial ATA Controller

Here is what the auth.log looks like when I get the error (I have removed IPs and RSA key). The log seems to indicate things are working just fine to me.

2019-05-18T20:18:28Z sshd[79114]: Connection from removed ip port 58278

2019-05-18T20:18:28Z sshd[79114]: Accepted publickey for root from removed ip port 58278 ssh2: RSA removed key

2019-05-18T20:18:28Z sshd[79114]: pam_unix(sshd:session): session opened for user root by (uid=0)

2019-05-18T20:18:28Z sshd[79114]: User 'root' running command 'esxcli storage core adapter list'

2019-05-18T20:18:33Z sshd[79114]: Received disconnect from removed ip port 58278:11: disconnected by user

2019-05-18T20:18:33Z sshd[79114]: Disconnected from user root removed ip port 58278

2019-05-18T20:18:33Z sshd[79114]: pam_unix(sshd:session): session closed for user root

I am sure this is something really simple, but I just cant seem to figure it out. help would be greatly appreciated.

Scott

Reply
0 Kudos
0 Replies