Enabling SSH for non-root users in ESXi 4.x fails with the error: Access denied (2005626)

Symptoms

  • You cannot connect to the ESXi 4.x host as a non-root user using Secure Shell (SSH).
  • Connecting to the ESXi 4.x host as a non-root user using SSH fails.
  • You see the error:

    login as: username
    username@x.x.x.x's password:
    Access denied

Purpose

This article provides steps to enable local user accounts on ESXi hosts so that local users can connect to the hosts remotely using SSH. By default, SSH is disabled for non-root users in ESXi 4.0 hosts and ESXi 4.1 hosts.

Resolution

To resolve this issue, enable SSH access for non-root users.

To enable SSH access for non-root users:
 
  1. Create a user account on the ESXi 4.x host using one of these options:

    • Create a user account using the vSphere Client.

      Using the vSphere Client:
      1. Connect to the host directly using the vSphere Client with root credentials.
      2. Click the Local Users & Groups tab.
      3. Right-click anywhere in the tab, then click Add.
      4. Enter a login name and password.
      5. Click OK.

    • Create a user account using the useradd command.

      Using the useradd command:

      Note: Remember to set a password for this user account.

      1. Connect to the host via SSH with root credentials:

        mkdir -p /home/username

      2. Create the user:

        useradd test -d /home/username -s /bin/bash

  Connect to the host directly using the vSphere Client with root credentials.

  2. Click the Permissions tab.
  3. Right-click Add Permission then click Add.
  4. Select the newly created local user from the list and click Add.
  5. Assign the Administrator role to the user then click OK.
  6. Verify the user is set up correctly when connected to the host via SSH as root:

    1. Take a backup of the /etc/passwd file.
    2. Verify if the user's /home/username directory exists. If not, create it with the command:

      mkdir -p /home/username

    3. Edit the /etc/passwd file and locate the new user account you have created:

      Note: By default in an ESXi 4.1 host, the new user account is created with the shell set to /sbin/nologin. In an ESXi 4.0 host, it is set to /bin/false.


    4. Set the shell to:

      /bin/bash

    5. Set the /home directory to the user's /home/username directory.
    6. Save and quit the file.

  7. Restart the inetd service with the command:

    services.sh restart
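
The /etc/passwd edit in step 6 can also be scripted. The following is an added example, not part of the original article or VMware's own tooling: it backs up a passwd-format file, creates the home directory, and sets the account's home and shell fields. The function names, arguments and sample entries are hypothetical, and it assumes awk and mktemp are available in the shell.

```shell
#!/bin/sh
# Added example (not from the KB article): step 6 applied to a passwd-format file.
# Function names, arguments and the sample entries are hypothetical/constructed.

# passwd_field FILE USER N: print field N of USER's entry; non-zero exit if absent.
passwd_field() {
    awk -F: -v u="$2" -v n="$3" \
        '$1 == u { print $n; found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# enable_shell FILE USER HOMEDIR: back up FILE, create HOMEDIR, then set the
# user's home (field 6) to HOMEDIR and shell (field 7) to /bin/bash.
enable_shell() {
    file=$1 user=$2 home=$3
    passwd_field "$file" "$user" 1 >/dev/null || {
        echo "no entry for $user in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1          # step 6.1: backup
    mkdir -p "$home" || return 1                    # step 6.2: home directory
    tmp="$file.tmp.$$"
    awk -F: -v OFS=: -v u="$user" -v h="$home" \
        '$1 == u { $6 = h; $7 = "/bin/bash" } { print }' "$file" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"            # keeps the file's owner and mode
}

# Demo on a constructed copy, never the live /etc/passwd.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:Administrator:/:/bin/ash
test:x:500:500:constructed sample user:/:/sbin/nologin
EOF
    enable_shell "$d/passwd" test "$d/home/test" && passwd_field "$d/passwd" test 7
    rm -rf "$d"
}
demo
```

Running passwd_field against field 7 for every account afterwards shows which local users now have a login shell instead of /sbin/nologin or /bin/false.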
