VMware Security best practices are to not allow PermitRootLogin to an ESX host.
I could not SSH into a newly provisioned host. The server would not allow root login (rightfully so), and my domain account could not log in either.
This is how I solved the issue.
Logged into the ESX host directly with the vSphere Client.
Created a new user with SSH access to the host.
Logged in to the host and found what the problem was time skew.
Here is the error from
Jan 9 09:52:36 ilesxdmz1 sshd: pam_krb5: authentication fails for 'msaidelk' ([email protected]): Authentication failure (Clock skew too great)
Fixed the time issue.
Test SSH access with my domain account - Success.
Removed the temporary account.
The full how-to including video - is in the KB above.
And a bit of PowerCLI to create (and remove) the user, instead of having to open up the GUI.
New-VMHostAccount -Server esx1.maishsk.local -Id maish -Password "a:123456" -UserAccount -GrantShellAccess:$true -AssignGroups root
#And remove afterwards
Get-VMHostAccount -Server esx1.maishsk.local -Id maish | Remove-VMHostAccount -confirm:$false