SSH service does not respond after upgrading from ESXi 6.x to 6.7 U2



Article ID: 345172


Updated On:

Products

VMware

Issue/Introduction

Symptoms:
SSH service does not respond when:
  • An ESXi host was recently upgraded to 6.7 U2 from an earlier version (6.0, 6.5, or 6.7).
  • SSH service on this host was configured to be enabled prior to the upgrade (by default, the SSH service is disabled).
  • The /var/log/syslog.log file contains entries similar to the following:
2019-04-23T14:14:35Z ssh-upgrade-config: WARNING: Failed to parse config file /etc/ssh/sshd_config: 'ascii' codec can't decode byte 0xe2 in position 851: ordinal not in range(128)
2019-04-23T14:14:35Z ssh-upgrade-config: ERROR: Failed to parse config file /etc/ssh/.#sshd_config: 'ascii' codec can't decode byte 0xe2 in position 1160: ordinal not in range(128)
2019-04-23T14:24:24Z ssh-upgrade-config: INFO: Writing updated config to temporary file /etc/ssh/sshd_config.tmp
2019-04-23T14:24:24Z ssh-upgrade-config: INFO: Renaming file /etc/ssh/sshd_config.tmp to /etc/ssh/sshd_config


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

During boot, Unicode characters present in the /etc/ssh/sshd_config file cause the configuration upgrader to fail. As a result, the SSH configuration is not upgraded, and the file left in place may be an invalid configuration that prevents SSH from accepting incoming connections.
As a consequence, the FipsMode entry is missing from the /etc/ssh/sshd_config file.

Resolution

This issue is resolved in VMware vSphere ESXi 6.7 Patch ESXi670-201904001 release.
 

Workaround:
1. To resolve this issue, manually disable and then enable the SSH service. For more information, see Using ESXi Shell in ESXi 5.x and 6.x.

Note: This issue occurs only during boot. Any fresh attempt to enable the SSH service while the system is running will result in a successful configuration upgrade. This needs to occur only once; the fix is persistent.
To confirm SSH configuration upgrade occurred successfully, examine the first line of the /etc/ssh/sshd_config file. As of ESXi 6.7 U2, the first line will contain the following content: # Version 6.7.2.0

Or

2. Copy a working /etc/ssh/sshd_config file from another ESXi 6.7 U2 host so that the file contains the entry FipsMode yes
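
The three conditions this article describes (non-ASCII bytes in the file, the version header on the first line, and the FipsMode entry) can be checked in one pass. The following is an added example, not VMware code; it assumes Python 3 is available where the file (or a copy of it) is checked, and the function name and sample contents are constructed for illustration. The log message has the form of Python's UnicodeDecodeError, so the reported offset corresponds to the "position N" value in syslog.log.

```python
import sys

EXPECTED_HEADER = "# Version 6.7.2.0"  # first line after a successful upgrade, per the article

# Constructed samples (not from a real host): a pasted "smart" apostrophe in a
# comment, and a file in the post-upgrade state.
SAMPLE_BAD = b"# running from inetd\nPermitRootLogin yes\n# don\xe2\x80\x99t change this\nUsePAM yes\n"
SAMPLE_GOOD = b"# Version 6.7.2.0\nPermitRootLogin yes\nFipsMode yes\n"


def audit_sshd_config(data):
    """Report non-ASCII bytes, the version header and the FipsMode entry."""
    non_ascii = [
        (lineno, col, hex(byte))
        for lineno, line in enumerate(data.split(b"\n"), start=1)
        for col, byte in enumerate(line, start=1)
        if byte > 0x7F
    ]
    try:
        data.decode("ascii")  # strict decode; raises the error type seen in the log
        first_bad_offset = None
    except UnicodeDecodeError as exc:
        first_bad_offset = exc.start  # comparable to "position N" in the log line
    lines = data.decode("ascii", errors="replace").splitlines()
    fips_mode = None
    for line in lines:
        fields = line.split()
        # Commented-out entries start with '#', so they never match here.
        if len(fields) >= 2 and fields[0].lower() == "fipsmode":
            fips_mode = fields[1]
    return {
        "first_bad_offset": first_bad_offset,
        "non_ascii": non_ascii,
        "header_ok": bool(lines) and lines[0].strip() == EXPECTED_HEADER,
        "fips_mode": fips_mode,
    }


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/ssh/sshd_config"
    with open(path, "rb") as fh:
        report = audit_sshd_config(fh.read())
    for key, value in report.items():
        print(f"{key}: {value}")
    # Non-zero exit if any of the three checks fails.
    ok = not report["non_ascii"] and report["header_ok"] and report["fips_mode"]
    sys.exit(0 if ok else 1)
```

Byte 0xe2 is the lead byte of many UTF-8 punctuation characters, so the line and column in the report usually point at a pasted quote or dash in a comment.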

Additional Information

Refer to VMware KB: How to Download ESXi, vCenter Server Patches in Customer Connect