vCenter Received Disconnect - Too Many Authentication Failures

vCenter Received Disconnect - Too Many Authentication Failures

After recently trying to SSH into my vCenter appliance for the first time in months, I was surprised to find that I was presented with the following message:

➜  ~ ssh [email protected]

VMware vCenter Server 7.0.2.00500

Type: vCenter Server with an embedded Platform Services Controller

Received disconnect from 10.10.30.100 port 22:2: Too many authentication failures
Disconnected from 10.10.30.100 port 22

I found this to be odd.  I wasn't prompted for my password at all and was immediately given a message saying that my connection was disconnected.

In an attempt to gain a bit more info on what was going on, I re-ran the ssh command – this time with the -v option.  The -v option provides the user with more verbose output when running a command.

I was now presented with quite a bit more output, some of it being particularly interesting:

➜  ~ ssh -v [email protected]
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to 10.10.30.100 [10.10.30.100] port 22.
debug1: Connection established.
debug1: identity file /Users/tcude/.ssh/id_rsa type 0
debug1: identity file /Users/tcude/.ssh/id_rsa-cert type -1
debug1: identity file /Users/tcude/.ssh/id_dsa type -1
debug1: identity file /Users/tcude/.ssh/id_dsa-cert type -1
debug1: identity file /Users/tcude/.ssh/id_ecdsa type -1
debug1: identity file /Users/tcude/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/tcude/.ssh/id_ed25519 type -1
debug1: identity file /Users/tcude/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/tcude/.ssh/id_xmss type -1
debug1: identity file /Users/tcude/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.8
debug1: match: OpenSSH_7.8 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.10.30.100:22 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:V4K/ZNVuu926/ZaO++n9puBI0mK7B1uwHVnaHmtKlEE
debug1: Host '10.10.30.100' is known and matches the ECDSA host key.
debug1: Found key in /Users/tcude/.ssh/known_hosts:7
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: Will attempt key: /Users/tcude/.ssh/id_rsa RSA SHA256:cLQZ8E4KKfzxaPe+4MDHYtVUpPt0p2JMJUmhlq4qDXI
debug1: Will attempt key: /Users/tcude/.ssh/id_dsa
debug1: Will attempt key: /Users/tcude/.ssh/id_ecdsa
debug1: Will attempt key: /Users/tcude/.ssh/id_ed25519
debug1: Will attempt key: /Users/tcude/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received

VMware vCenter Server 7.0.2.00500

Type: vCenter Server with an embedded Platform Services Controller

debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/tcude/.ssh/id_rsa RSA
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/tcude/.ssh/id_dsa
debug1: Trying private key: /Users/tcude/.ssh/id_ecdsa
debug1: Trying private key: /Users/tcude/.ssh/id_ed25519
debug1: Trying private key: /Users/tcude/.ssh/id_xmss
debug1: Next authentication method: keyboard-interactive
Received disconnect from 10.10.30.100 port 22:2: Too many authentication failures
Disconnected from 10.10.30.100 port 22

I'm now able to see that, whether I've wanted it to or not, my SSH connection is defaulting to trying to use key based authentication, which I have not configured for my vCenter appliance.

SSH'ing using password-based authentication would simply be a matter of trying again – this time using the option shown below to tell it not to use any of my keys:

➜  ~ ssh -o PubkeyAuthentication=no [email protected]

VMware vCenter Server 7.0.2.00500

Type: vCenter Server with an embedded Platform Services Controller

[email protected]'s password:
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command>

As you can see, using -o PubkeyAuthentication=no, I was able to provide my password and log in with no issues.

That's all there is to it! Feel free to drop a comment if you have any questions about this process