vrandom yet another random IT blog

vROps 6.1 enable ssh

Overview

Whilst deploying a brand new vROps 6.1 environment today I noticed a couple of additional hurdles to enabling SSH that hadn’t been there previously.

The issue

The standard process to enable SSH on a vROps appliance is normally to execute the below commands as root from the command line:

[~]$ chkconfig sshd on
[~]$ service sshd start
Starting SSH daemon	done

However, upon trying to authenticate, you will find you are unable to do so:

[alex@web01 ~]$ ssh root@vrops-appliance
vRealize Operations Manager Appliance
root@vrops-appliance's password: 
Permission denied, please try again.
root@vrops-appliance's password: 
Permission denied, please try again.
root@vrops-appliance's password: 
Permission denied (publickey,password).

Upon examining the /var/log/auth.log file you will notice it complains about /var/log/btmp having incorrect permissions.

2015-09-15T10:53:02+00:00 localhost sshd[6520]: Failed password for root from 10.x.x.x port 49142 ssh2
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Failed password for root from 10.x.x.x port 49142 ssh2
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:03+00:00 localhost sshd[6520]: Connection closed by 10.x.x.x [preauth]
2015-09-15T10:53:03+00:00 localhost sshd[6520]: Connection closed by 10.x.x.x [preauth]
2015-09-15T10:53:04+00:00 localhost sshd[7746]: pam_tally2(sshd:auth): user root (0) tally 11, deny 3
2015-09-15T10:53:08+00:00 localhost sshd[7746]: Failed password for root from 10.x.x.x port 49364 ssh2
2015-09-15T10:53:08+00:00 localhost sshd[7746]: Failed password for root from 10.x.x.x port 49364 ssh2
2015-09-15T10:53:08+00:00 localhost sshd[7746]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:08+00:00 localhost sshd[7746]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:11+00:00 localhost sshd[7746]: pam_tally2(sshd:auth): user root (0) tally 12, deny 3
2015-09-15T10:53:14+00:00 localhost sshd[7746]: Failed password for root from 10.x.x.x port 49364 ssh2
2015-09-15T10:53:14+00:00 localhost sshd[7746]: Failed password for root from 10.x.x.x port 49364 ssh2
2015-09-15T10:53:14+00:00 localhost sshd[7746]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:14+00:00 localhost sshd[7746]: Excess permission or bad ownership on file /var/log/btmp

So let's fix this by executing the below commands:

[~]$ chown root.utmp /var/log/btmp
[~]$ chmod 0600 /var/log/btmp

You should now be able to authenticate remotely to your vROps instance. Unless… you’ve had too many attempts and have locked the account out. If so, please see this article to unlock the root account: Unlocking VMware Appliance Accounts.
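The auth.log excerpt above contains both blockers: the btmp complaint from sshd and the pam_tally2 lockout of root. The script below is an added example, not part of the original post, that pulls both out of a log; the function names and the sample log are constructed, and it assumes that a tally above the deny value means the account is locked and that byte-identical lines are one event logged twice.

```bash
#!/usr/bin/env bash
# Added example: triage an sshd auth log for the two login blockers in this post.

# Constructed sample in the format of the auth.log excerpt (not real log data).
sample_log() {
cat <<'EOF'
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Failed password for root from 10.x.x.x port 49142 ssh2
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:02+00:00 localhost sshd[6520]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:04+00:00 localhost sshd[7746]: pam_tally2(sshd:auth): user root (0) tally 11, deny 3
2015-09-15T10:53:08+00:00 localhost sshd[7746]: Excess permission or bad ownership on file /var/log/btmp
2015-09-15T10:53:11+00:00 localhost sshd[7746]: pam_tally2(sshd:auth): user root (0) tally 12, deny 3
2015-09-15T10:53:20+00:00 localhost sshd[7801]: pam_tally2(sshd:auth): user admin (1000) tally 1, deny 3
EOF
}

# Reads an auth log on stdin and prints one finding per line:
#   BAD_PERMS <file> count=<n>          sshd rejected the file's mode or owner
#   LOCKED <user> tally=<n> deny=<n>    pam_tally2 tally is above the deny limit
# Assumption: byte-identical lines are one event logged twice, so they are skipped.
triage_auth_log() {
  awk '
    seen[$0]++ { next }
    /Excess permission or bad ownership on file/ { bad[$NF]++ }
    /pam_tally2\(/ && / tally / {
      for (i = 1; i < NF; i++) {
        if ($i == "user")  user = $(i + 1)
        if ($i == "tally") { t = $(i + 1); sub(/,$/, "", t) }
        if ($i == "deny")  d = $(i + 1)
      }
      tally[user] = t + 0; deny[user] = d + 0   # keep the latest count per user
    }
    END {
      for (f in bad) printf "BAD_PERMS %s count=%d\n", f, bad[f]
      for (u in tally) if (tally[u] > deny[u])
        printf "LOCKED %s tally=%d deny=%d\n", u, tally[u], deny[u]
    }' | sort
}

sample_log | triage_auth_log
```

On the appliance, run it against the real log with `triage_auth_log < /var/log/auth.log`.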

I’ve logged an SR with VMware to clarify whether this is desired operation and to further validate the fix. I’ll update this article when I get a response.

FIN