# Unable to Login to DU-VM After Changing DU-Host SSH-Key ## Problem Unable to access on-prem management plane once the SSH-public key has been changed on the DU host VM. {% tabs %} {% tab title="Sample Output" %} ```bash [centos@onprem-du-host-5-3 .ssh]$ ssh centos@192.168.120.254 Permission denied (publickey) ``` {% endtab %} {% endtabs %} ## Environment * Platform9 Edge Cloud - All Versions ## Cause * SSH public key reset from the Host. \[Generating new SSH key pair in the Host] and the DU VM being unaware about the new public key of the SSH. ## Resolution You need to copy the new SSH key ***\[id\_rsa.pub]*** into the DU VM ***/home/centos/.ssh/authorized\_keys*** file to fix this issue. To resolve this issue, follow the below steps : 1. To access DU VM via Single-User mode, login to the DU host server via SSH, List the DU VM with *virsh* commands to ensure the VM is in running status: {% tabs %} {% tab title="Bash" %} ```bash $ sudo virsh list --all Id Name State ---------------------------------------------------- 1 pf9-mplane running ``` {% endtab %} {% endtabs %} {% tabs %} {% tab title="Bash" %} ```bash $ sudo virsh net-dhcp-leases pf9-mplane Expiry Time MAC-address Protocol IP-address Hostname Client-ID or DUID ------------------------------------------------------------------------------ 2022-01-31 10:41:08 50:e4:cb:c0:0a:02 ipv4 192.168.120.254/24 pf9-mplane -- ``` {% endtab %} {% endtabs %} 2. Now reboot the DU VM and access the VM console using the *virsh* command: {% tabs %} {% tab title="Bash" %} ```bash $ sudo virsh reboot pf9-mplane; sudo virsh console pf9-mplane ``` {% endtab %} {% endtabs %} 3. In the console find the kernel line starting with ***linux16***. And add ***rd.break*** at the end of this line. And press **CTRL+X** to resume the OS booting process with the new settings. {% tabs %} {% tab title="Bash" %} ```bash linux16 /boot/vmlinuz-3.10.0-1160.49.1.el7.x86_64 root=UUID=f856d385-fe64-4188-b4f8-51f6089b75e6 ro console=tty0 console=ttyS0,115200n8 crashkernel=\ auto console=ttyS0,115200 LANG=en_US.UTF-8 rd.break ``` {% endtab %} {% endtabs %} 4. Once you get the shell access, mount the ***/sysroot*** in ***rw*** read-write mode using the below command: {% tabs %} {% tab title="sh" %} ```javascript switch_root:/# mount -oremount,rw /sysroot ``` {% endtab %} {% endtabs %} 5. To treat the directory as a root and to redirect to the shell prompt use {% tabs %} {% tab title="sh" %} ```javascript switch_root:/# chroot /sysroot ``` {% endtab %} {% endtabs %} ``` 6. Now append the new SSH public key _**[id_rsa.pub]**_ of the DU host into the below file in the DU VM and save it. And restart the sshd service: ``` {% tabs %} {% tab title="sh" %} ```javascript sh-4.2# vi /home/centos/.ssh/authorized_keys sh-4.2# systemctl restart sshd ``` {% endtab %} {% endtabs %} 7. After making any changes, it is recommended to relabel the file system to make all the applications start with the proper label. {% tabs %} {% tab title="sh" %} ```javascript sh-4.2# touch /.autorelabel ``` {% endtab %} {% endtabs %} 8. Now exit from the shell which will automatically boot the DU VM with newly added SSH key: {% tabs %} {% tab title="sh" %} ```javascript sh-4.2# exit exit switch_root:/# exit ``` {% endtab %} {% endtabs %} 9. Now, from the DU host, try to SSH into the DU VM using the below command. You should be able to login to the VM using the new SSH pub key added. {% tabs %} {% tab title="Bash" %} ```bash $ ssh centos@192.168.120.254 Last login: Mon Jan 31 09:19:32 2022 from 192.168.120.1 [centos@airctl-1 ~]$ ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://platform9.com/kb/smcp/solution/unable-to-login-to-du-vm-after-changing-du-host-ssh-key.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.