Overview
A VMware ESXi Inspector may fail with the following Setup Issue despite the SSH service being enabled and the configured credentials being correct:
All authentication methods failed
In some environments, the issue is not caused by incorrect credentials or insufficient permissions. Instead, the ESXi host successfully authenticates the user but immediately terminates the SSH session because the service account is denied shell access through the ESXi access control configuration.
This article explains how to identify this scenario and restore SSH access for the service account used by the VMware ESXi Inspector..
Symptoms
The VMware ESXi Inspector displays the following error:
Setup Issue : All authentication methods failed
Additional observations may include:
SSH is enabled on the ESXi host.
The configured username and password are correct.
The service account has the required administrative role.
Re-running the inspection with Clear Cache + Debug does not resolve the issue.
The ESXi root account can successfully connect through SSH.
The Liongard service account disconnects immediately after authentication.
Prerequisites
Before following this article, verify the standard VMware ESXi Inspector configuration:
SSH is enabled on the ESXi host.
The SSH Startup Policy is configured appropriately (recommended: Start and Stop with Host).
The Liongard Agent can communicate with the ESXi host over TCP port 22.
The service account has been configured according to the VMware ESXi Inspector Setup Guide.
The configured credentials have been verified.
If these requirements have not been confirmed, first review the VMware ESXi Inspector Setup Guide.
Verify SSH Connectivity
From the Windows management device hosting the Liongard Agent, open PowerShell and test SSH connectivity.
ssh <username>@<ESXi-IP>
Example
ssh liongard_svc@192.192.192.0
If prompted, accept the host fingerprint.
After entering the password, you may observe:
Connection closed by <ESXi-IP> port 22
instead of receiving an ESXi shell.
This behavior indicates that authentication succeeded but the SSH session was immediately terminated by the ESXi host.
Ref:
Compare Using the Root Account
Next, test the same connection using the root account.
ssh root@<ESXi-IP>
If the root account successfully opens an SSH session while the Liongard service account is immediately disconnected, the issue is likely caused by ESXi access restrictions rather than invalid credentials.
Verify ESXi Access Configuration
While connected as the root user, inspect the access control configuration.
vi /etc/security/access.conf
Review the file for an entry similar to:
-:liongard_svc:ALL
The leading minus (-) explicitly denies SSH shell access for that account.
Although the account authenticates successfully, ESXi immediately closes the SSH session before Liongard can execute any inspection commands.
Ref:
As a result, the VMware ESXi Inspector reports:
All authentication methods failed
even though authentication itself is successful.
Resolution
Modify the access rule to allow shell access for the service account.
Change:
-:liongard_svc:ALL
to:
+:liongard_svc:ALL
Save the file.
After making the change, reconnect using the Liongard service account.
ssh liongard_svc@<ESXi-IP>
If the account now receives an interactive shell instead of immediately disconnecting, the shell restriction has been removed.
Making the Change Persistent
On ESXi, modifications to access.conf may be overwritten after a host reboot.
To make the change persistent, update the startup script so the access rule is reapplied during boot.
Example:
sed -i '/exit 0/i sed -i "s/-:<service_account>:ALL/+:<service_account>:ALL/g" /etc/security/access.conf' /etc/rc.local.d/local.sh
This inserts a command into local.sh that reapplies the change whenever the ESXi host starts.
šØNote: Before making persistent configuration changes, consult your organization's VMware administration policies and validate the change in accordance with your environment's security requirements.
Validate the Resolution
After restoring SSH shell access:
Verify that the Liongard service account can successfully establish an SSH session.
Return to the Liongard platform.
Run the VMware ESXi Inspector using Clear Cache + Debug.
Allow the inspection to complete.
The inspector should complete successfully once SSH shell access is available to the configured service account.
Root Cause
The VMware ESXi Inspector authenticates to the ESXi host over SSH and executes a series of shell commands to collect inventory and configuration data.
In this case, authentication succeeded, but ESXi denied shell access through the local access control configuration (/etc/security/access.conf). Because the SSH session was terminated immediately after authentication, Liongard could not execute the required commands and returned the generic error:
All authentication methods failed
Restoring SSH shell access for the service account resolves the issue.