Search the VMware Knowledge Base (KB)
View by Article ID

Unable to connect to ESXi host using SSH (2041660)

  • 10 Ratings

Symptoms

  • Unable to connect to an ESXi host using SSH although SSH is enabled.
  • You see the error:  

    Server unexpectedly closed network connection
  • The /var/log/auth.log file, you see entries similar to:

    2012-12-16T23:46:00Z sshd[636556]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    2012-12-16T23:46:00Z sshd[636556]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    2012-12-16T23:46:00Z sshd[636556]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    2012-12-16T23:46:00Z sshd[636556]: error: Permissions 0644 for '/etc/ssh/ssh_host_dsa_key' are too open.
    2012-12-16T23:46:00Z sshd[636556]: error: It is recommended that your private key files are NOT accessible by others.
    2012-12-16T23:46:00Z sshd[636556]: error: This private key will be ignored.
    2012-12-16T23:46:00Z sshd[636556]: error: bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
    2012-12-16T23:46:00Z sshd[636556]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
    2012-12-16T23:46:00Z sshd[636556]: Disabling protocol version 2. Could not load host key
    2012-12-16T23:46:00Z sshd[636556]: sshd: no hostkeys available -- exiting.


    Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

This issue occurs because the SSH private key permission is set only to the root user.

Note: The SSH private key should not be accessed by any other user or group than the root for security reasons.
 
 

Resolution

To resolve this issue, connect to the ESXi host using Remote Console tools:

  1. Login to the local shell on the ESXi host using Remote Console tools.
  2. Modify the private key permission at /etc/ssh/ to 600 using the command:

    # chmod 600 /etc/ssh/ssh_host_rsa_key

  3. Restart the sshd service on the host using the command:

    # ./sbin/services.sh restart

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 10 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 10 Ratings
Actions
KB: