vCenter HA uses SSH keys for password-less authentication between the Active, Passive, and Witness nodes. The authentication is used for heartbeat exchange and file and data replication. To replace the SSH keys in the nodes of a vCenter HA cluster, you disable the cluster, generate new SSH keys on the Active node, transfer the keys to the passive node, and enable the cluster.

Procedure

  1. Edit the cluster and change the mode to Disabled.
  2. Log in to the Active node by using the Virtual Machine Console or SSH.
  3. Enable the bash shell.
    bash
  4. Run the following command to generate new SSH keys on the Active node.
    /usr/lib/vmware-vcha/scripts/resetSshKeys.py
  5. Use SCP to copy the keys to the Passive node and Witness node.
    scp /vcha/.ssh/*
  6. Edit the cluster configuration and set the vCenter HA cluster to Enabled.