A Nutanix cluster relies upon passwordless secure-shell (SSH) connectivity between the controller VMs (CVMs) and the hosts. If you are ever prompted for a password when attempting to connect from a CVM to a host using SSH (instead of being taken directly to the host shell), this could indicate that there is an issue with the SSH key exchange. This could also manifest as other issues such as a hypervisor upgrade failing due to the inability to copy the upgrade bundle to the host. However, please be aware that a prompt for a password could also indicate that a username is being attempted for connection which is not configured for passwordless authentication (i.e. not using the “root” username to login to an AHV or ESXi host).
A host SSH key exchange issue can sometimes be resolved by verifying that an entry for the public key from each CVM is maintained within the authorized_keys file of each of the hosts. If an entry for any of the CVMs is missing, it can simply be added back with a manual edit of the authorized_keys file. More information regarding this procedure can be found within the SSH from CVM to ESXi Host Prompted for Password knowledge base article.