Unable to connect to ESXi host using SSH
Article ID: 323621
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptoms:
- Unable to connect to an ESXi host using SSH although SSH is enabled.
- You see the error:
Server unexpectedly closed network connection
- The /var/log/auth.log file, you see entries similar to:
2012-12-16T23:46:00Z sshd[636556]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2012-12-16T23:46:00Z sshd[636556]: error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
2012-12-16T23:46:00Z sshd[636556]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2012-12-16T23:46:00Z sshd[636556]: error: Permissions 0644 for '/etc/ssh/ssh_host_dsa_key' are too open.
2012-12-16T23:46:00Z sshd[636556]: error: It is recommended that your private key files are NOT accessible by others.
2012-12-16T23:46:00Z sshd[636556]: error: This private key will be ignored.
2012-12-16T23:46:00Z sshd[636556]: error: bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
2012-12-16T23:46:00Z sshd[636556]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
2012-12-16T23:46:00Z sshd[636556]: Disabling protocol version 2. Could not load host key
2012-12-16T23:46:00Z sshd[636556]: sshd: no hostkeys available -- exiting.
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
Environment
VMware vSphere ESXi 5.0
VMware vSphere ESXi 6.7
VMware vSphere ESXi 5.5
VMware vSphere ESXi 6.0
VMware vSphere ESXi 5.1
VMware vSphere ESXi 6.5
VMware vSphere ESXi 6.7
VMware vSphere ESXi 5.5
VMware vSphere ESXi 6.0
VMware vSphere ESXi 5.1
VMware vSphere ESXi 6.5
Cause
This issue occurs because the SSH private key permission is set only to the root user.
Note: The SSH private key should not be accessed by any other user or group than the root for security reasons.
Note: The SSH private key should not be accessed by any other user or group than the root for security reasons.
Resolution
To resolve this issue, connect to the ESXi host using Remote Console tools:
- Login to the local shell on the ESXi host using Remote Console tools.
- Modify the private key permission at /etc/ssh/ to 600 using the command:
# chmod 600 /etc/ssh/ssh_host_rsa_key
- Restart the sshd service on the host using the command:
# ./sbin/services.sh restart
Additional Information
Feedback
Yes
No
Powered by
