7 Replies Latest reply on Sep 23, 2013 9:48 PM by SatyS

    Cannot ssh into ESXi 5 host

    DZ1 Hot Shot

      I had to do some security hardening on a host and now I cannot ssh into it.  I can revert what I have done, but I want to pinpoint what line in the sshd_config file is causing this.  I'll list out what I have:

       

      The SSH Server is checked and running under Firewall, and ssh and ESXi shell are running on the host under Security Profile.

      I can log in to the host via the HP Onboard Administrator, both to the DCUI and the shell.

      I am using PuTTY and I set the Encryption cipher selection policy to 3DES, and I tried to say the SSH protocol version was 2 only; I went back and forth with 2 only and just selecting 2.

      I can log in to the host directly with root and with an admin account I set up, and to the shell and DCUI.

      I know that root is not permitted to ssh into the host since PermitRootLogin is set to no; I am trying my secondary account.

       

      I immediately receive an error "Server unexpectedly closed the network connection", so it's stopping me before I can input anything.

       

      Lastly, the ESXishelltimeout is at 900 seconds.

       

      I'm sure it's the sshd_config file since I edited it right before I had this issue.

       

      Thanks for any input.

       

      sshd file:

       

      # running from inetd
      # Port 2200
      Protocol 2
      HostKey /etc/ssh/ssh_host_rsa_key
      HostKey /etc/ssh/ssh_host_dsa_key

      UsePrivilegeSeparation yes

      SyslogFacility auth
      LogLevel info

      PermitRootLogin no

      PrintMotd yes
      PrintLastLog no

      TCPKeepAlive yes

      X11Forwarding no

      Ciphers 3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr

      MACs hmac-sha1

      AllowTCPForwarding no

      GatewayPorts no

      AllowGroups

      GSSAPIAuthentication no

      KerberosAuthentication no

      AcceptEnv LOCALE

      PermitUserEnvironment no

      PermitTunnel no

      MaxSessions 1

      StrictModes yes

      RhostsRSAAuthentication no

      Compression no

      UsePAM yes
      # only use PAM challenge-response (keyboard-interactive)
      PasswordAuthentication no

      Banner /etc/issue

      Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server

      AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys

      #ListenAddress

      # Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
      # Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
      # unresponsive.
      ClientAliveInterval 200
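
One way to narrow down which line to look at first, as an added example that is not part of the original post: a small offline lint that flags directives with no argument and algorithm names absent from a reference list. The reference lists and the function name `lint_sshd_config` are assumptions made for this example; the names the host's own sshd accepts are what actually count.

```python
# Added example: offline lint for an sshd_config excerpt.
# KNOWN_CIPHERS / KNOWN_MACS are assumed reference lists (OpenSSH names of
# that era); the authoritative list is whatever the host's sshd supports.
KNOWN_CIPHERS = {
    "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc",
}
KNOWN_MACS = {
    "hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96",
    "hmac-ripemd160", "umac-64@openssh.com",
}
ALGORITHM_LISTS = {"ciphers": KNOWN_CIPHERS, "macs": KNOWN_MACS}

# Directives copied from the post above (subset, for a short sample).
SAMPLE = """\
Protocol 2
PermitRootLogin no
Ciphers 3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha1
AllowGroups
#ListenAddress
ClientAliveInterval 200
"""

def lint_sshd_config(text):
    """Return (line_number, keyword, problem) for each suspicious directive."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        parts = line.split(None, 1)
        keyword = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if not value:
            findings.append((number, keyword, "no argument"))
            continue
        known = ALGORITHM_LISTS.get(keyword.lower())  # keywords are case-insensitive
        if known is not None:
            for name in value.split(","):
                if name.strip() not in known:
                    findings.append((number, keyword, "unknown name " + name.strip()))
    return findings

if __name__ == "__main__":
    for number, keyword, problem in lint_sshd_config(SAMPLE):
        print("line %d: %s: %s" % (number, keyword, problem))
```

A lint like this only narrows the candidates; running the host's sshd binary with `-t` against the edited file is the authoritative syntax check.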