vCenter HA uses SSH keys for password-less authentication between the Active, Passive, and Witness nodes. The authentication is used for heartbeat exchange and file and data replication. To replace the SSH keys in the nodes of a vCenter HA cluster, you deactivate the cluster, generate new SSH keys on the Active node, transfer the keys to the passive node, and activate the cluster.
Procedure
- Edit the cluster and change the mode to Disabled.
- Log in to the Active node by using the Virtual Machine Console or SSH.
- Activate the bash shell.
- Run the following command to generate new SSH keys on the Active node.
/usr/lib/vmware-vcha/scripts/resetSshKeys.py
- Use SCP to copy the keys to the Passive node and Witness node.
- Edit the cluster configuration and set the vCenter HA cluster to Enabled.
