Microsoft

Friday, 16 July 2021

Access Denied SSH SSDC manager despite entering correct password

Most often we face an issue where we try to login any photon OS appliance using ssh but we get error access denied, now if the error is due to no access then solution is to provision access, however if the account has access and you are entering correct password still you are getting this error then you must consider that the account might have been locked due to failed login attempts.


Recently I encountered this issue with SDDC manager, and I followed below mentioned steps to resolve it.

  • Start with login on to SDDC manager using console with root credentials (Use credentials from planning and prepration workbook.), and run below mentioned commands in same order. We are using the Pam_tally2 for resetting the failed login counts, which will allow us to login with the correct password.

"Pam_tally2 -u vcf" run it without quotes, it will show you how many failure counts you have and when was the last failed login.


  • Now run "Pam_tally2 -u vcf -r" this command will reset the failed attempt count.

  • Run "Pam_tally2 -u vcf" again to make sure command has taken into effect. 


  • But if you don't remember the password for vcf user then please run command "passwd vcf", this will let you reset the password for SDDC manager vcf account.

  • Now you should be able to login with correct password.


  • Now, you must be thinking what is we forget the password for "root" account as well. Thats very well a possibility. But in that case only option is to restart the appliance and use the grub menu. These are the same steps which can be used to reset password for any photon based appliance.
  • When you reboot the appliance, at the boot screen press "e" to edit grub menu.

  • Enter "rw init=/bin/bash" at the end of the boot loader and press F10 to continue boot.

  • At the next prompt, please enter the command "mount -o remount,rw /".


  • Now, you can use the passwd command to reset the password for the accounts. In this example i have used vCenter server to demonstrate the steps and this confirms that this method works for all Photon OS appliances. I have used same password, because changing password for vCenter with this method will break the connection with SDDC manager. Be aware that process is not complete as you might have locked the root account with multiple login attempts with incorrect password. Please use the steps explain in the article above to unlock the account at the same time after password reset.


  • Once you have used "/sbin/pam_tally2 -r -u root" to unlock root account as explained in this article, use the command "reboot -f" for booting appliance normally.

 I hope I was able to add value, if your answer is yes, then don't forget to share and follow. 😊


If you want me to write on specific content or you have any feedback on this post, kindly comment below.

If you want, you can connect with me on Linkedin, and please like and subscribe my youtube channel VMwareNSXCloud for step by step technical videos.

No comments:

Post a Comment

Popular posts