Solved: Re: ESXi 5 - added user can't log on via ssh

alansinclair · ‎07-26-2012

I'm lost in the vast amount of documentation and haven't found anything covering this, so pointers to ESXi command-line docs will be very much appreciated ...

I added a user (with password) on an ESXi 5.0.0 host machine, made the new user a member of the users group, and granted the user shell access. I've double-double-checked the password and shell access setting, but trying to log on to the host fails: the logon just repeats the password prompt then closes the connection. After logging on as root I can su to the new user (password is not requested). Am I misunderstanding something, maybe added users cannot log on? Or have I just missed some setting somewhere?

$ ssh root@10.217.174.27
Password:
The time and date of this login have been sent to the system logs.

<snip>

~ #
~ # su bot

~ $ whoami

bot
~ $ exit
~ # exit
Connection to 10.217.174.27 closed.

$ ssh bot@10.217.174.27
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).

Any suggestions, please, how to get this to work?

Hints on finding the right docs would be great too!!!

akshunj · ‎07-27-2012

You need to add the new user to the root group in order to ssh. That opens up a bunch of other security problems as well. As an alternative, you can also modify the following files to add an ssh user:

/etc/security/access.conf

Add a line allowing your user. For example, for user "bot" add the following before the last line (-:ALL:ALL) in the file:

+:bot:ALL

Modify the following file:

/etc/passwd

Find your user in the line and add a home directory, /tmp works, and then change their interpreter to /bin/ash. So for user "bot" you have a line like:

bot:x:501:100:ESXi User:/tmp:/bin/ash

You should now be able to ssh into the host using your user. The problem is that these files do not have the sticky bit set, so after you reboot the changes will disappear. You can modify this behavior to have your settings persist, but I'll be here all day describing the process. You can probably find a good breakdown of how to have your setting persist on the vm-help forums.

View solution in original post

akshunj · ‎07-27-2012

You need to add the new user to the root group in order to ssh. That opens up a bunch of other security problems as well. As an alternative, you can also modify the following files to add an ssh user:

/etc/security/access.conf

Add a line allowing your user. For example, for user "bot" add the following before the last line (-:ALL:ALL) in the file:

+:bot:ALL

Modify the following file:

/etc/passwd

Find your user in the line and add a home directory, /tmp works, and then change their interpreter to /bin/ash. So for user "bot" you have a line like:

bot:x:501:100:ESXi User:/tmp:/bin/ash

You should now be able to ssh into the host using your user. The problem is that these files do not have the sticky bit set, so after you reboot the changes will disappear. You can modify this behavior to have your settings persist, but I'll be here all day describing the process. You can probably find a good breakdown of how to have your setting persist on the vm-help forums.

alansinclair · ‎07-27-2012

Very many thanks!

> find a good breakdown of how to have your setting persist on the vm-help forums

As a beginner, navigating the forums and trying to find the appropriate one is almost as bad as trying to find appropriate docs. I'm astonished at how impenetrable VMware's websites are 😞

Thanks again for all the detail

akshunj · ‎07-27-2012

Anytime.

FYI the vm-help is actually a separate website from VMware. go to http://vm-help.com

All

ESXi 5 - added user can't log on via ssh