Article number
000003898
Affected Versions
All
Source Hypervisor
All
Target Hypervisor
All

Problem with VRA install when ESXi host does not allow root login using SSH

Viewed 1050 times

Summary

This article covers a scenario when root login via SSH access is disabled, resulting in a VRA installation failure.

Root Cause

The ESXi host SSH configuration file below is configured to deny the root account access to the host via SSH.

/etc/ssh/sshd_config

Find the line that starts with PermitRootLoginand verify it is set to no.

Symptoms

SSH access is disabled for the root account on the ESXi host used for the VRA installation.

The VRA installation fails with the same symptoms below using the host root password method of VRA installation and using the VIB method of installation.

The VRA installation fails and the following event is generated under the Monitoring section of the ZVM GUI:
VRA installation IP=[IP Address].
Failed: An SSH connection cannot be established between the host and the VRA.
Check that the VRA file '/etc/ssh/keys-root/authorized_keys' includes the Zerto private key.
Also check /var/log/zerto_vib_postinst.log and /var/log/esxupdate.log on the host.


The ZVM log file covering the time of the failed VRA installation contains the error:
00000000,121e1925,,,20-02-24 19:47:45.63,I,30,ClientBasedSshConnection,ConnectImpl,SSH authentication
failed,"Renci.SshNet.Common.SshAuthenticationException Void Authenticate(Renci.SshNet.IConnectionInfoInternal, Renci.SshNet.ISession)
Renci.SshNet.Common.SshAuthenticationException: Permission denied (publickey)
.

Solution

Solution 1
Edit the ESXi host SSH configuration file below in order to allow the root account access to the host via SSH.
/etc/ssh/sshd_config
Find the line that starts withPermitRootLoginand change the noto yes.

Solution 2
Contact Zerto Support and reference this KB article in order to get assistance configuring Zerto to use a non-root account for VRA installation.