Virtual Geek

Tales from real IT system administrators world and non-production environment

Enable or disable SSH on VMWare vCenter Server Appliance (VCSA)

September 11, 2017 05:37PM

Keeping the SSH service disabled in a VMware environment is a best practice, especially on ESXi servers and the VCSA appliance. Enable it only when required, to reduce the attack surface; your information security team may be the one asking you to implement SSH-related settings. To change the setting on ESXi, follow my earlier article VMWARE SECURITY BEST PRACTICES: POWERCLI ENABLE OR DISABLE ESXI SSH. When you deploy and set up VCSA for the first time, you can enable SSH during setup; see Deploy install VCSA (vCenter server appliance 6.5). You might, however, keep SSH disabled during installation and want to enable it later for troubleshooting or to gather information. This can be done in the few ways below.

The first way is the VCSA management portal. Open https://vcsaIP_or_FQDN:5480 in a browser and log in with the root username and password. In the Navigator pane on the right-hand side, click Access; the Edit button there lets you enable SSH login.

Screenshot: VCSA management portal (port 5480), Access settings being edited with SSH login enabled.


The next way is the VMware vSphere Web Client. Log in at https://vcsa/vsphere-client, expand and click the Home button, then go to Home >> Administration >> System Configuration.

Screenshot: vSphere Web Client on VCSA, Home > Administration > System Configuration.

Here, click Nodes in the Navigator pane, then on the right-hand side click the Objects tab. Under the Actions button click Edit Settings, and under Access use the checkbox to enable SSH login. Other SSH and timeout settings can also be defined here.

Screenshot: vSphere Web Client, System Configuration > Nodes > Objects > Actions > Edit Settings, with Enable SSH login under Access.


Another way is from the VCSA DCUI (Direct Console User Interface). If you don't see a screen like the screenshot below and are instead prompted for a username and password, press Alt + F2 to switch to the DCUI console. Then press F2 to log in as root.

Screenshot: DCUI of a vCenter Server Appliance with an embedded Platform Services Controller (reached with Alt + F2).

Use the keyboard to navigate: under System Customization, scroll down to Troubleshooting Mode Options to view the troubleshooting options, such as Enable BASH Shell and Enable SSH. Enable SSH here.

Screenshot: VCSA DCUI, System Customization > Troubleshooting Mode Options, with the Enable SSH option.


Next, SSH into VCSA using PuTTY or any other tool. By default it opens the command shell, and you are not in the BASH shell yet. The shell is disabled by default; I can verify this by running the command shell. Next, check the status of the shell by running shell.get; as expected, it is disabled. You can enable it using shell.set --enabled true. Check the status again with shell.get; as expected, it is now enabled. Run the command shell once more and you are in.

The "pi shell" is intended for advanced troubleshooting operations and while supported in this release, is a deprecated interface, and may be removed in a future version of the product.  For alternative commands, exit the "pi shell" and run the "help" command. The "pi shell" command launches a root bash shell.  Commands within the shell are not audited, and improper use of this command can severely harm the system. Help us improve the product!  If your scenario requires "pi shell," please submit a Service Request, or post your scenario to the https://communities.vmware.com/community/vmtn/vcenter/vc forum and add "appliance" tag.

Screenshot: PuTTY SSH session on a vCenter Server with an embedded PSC, showing shell.get and shell.set --enabled true.

In this temporary BASH shell, run chsh -s /bin/bash root to permanently set the default shell for root to BASH. Log out of the BASH shell and log in again for the change to take effect. If you would like logins to land in the appliance shell again, use the command chsh -s /bin/appliancesh root.
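Once troubleshooting is finished, it is worth confirming that root's default shell was set back to the appliance shell, since the banner quoted above notes that commands run in the BASH shell are not audited. The script below is an added example, not part of the original post: it reads root's login shell from a passwd-format file and flags anything other than /bin/appliancesh. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit root's default shell after a troubleshooting session.

# Print the login shell recorded for root in a passwd-format file
# (field 7 of the entry, which is what chsh rewrites).
# Returns 2 if the file is unreadable or has no well-formed root entry.
root_shell() {
    passwd_file="${1:-/etc/passwd}"
    [ -r "$passwd_file" ] || return 2
    awk -F: '
        /^#/ { next }
        $1 == "root" && NF == 7 { print $7; found = 1; exit }
        END { if (!found) exit 2 }
    ' "$passwd_file"
}

# Exit status: 0 = appliance shell is the default, 1 = BASH or another
# shell is still the default, 2 = could not determine.
audit_root_shell() {
    shell_path=$(root_shell "$1") || return 2
    case "$shell_path" in
        /bin/appliancesh)
            echo "OK: root logs in to the appliance shell"
            return 0 ;;
        /bin/bash)
            echo "WARN: root logs in to BASH; revert with: chsh -s /bin/appliancesh root"
            return 1 ;;
        *)
            echo "WARN: unexpected root shell: $shell_path"
            return 1 ;;
    esac
}

# Constructed sample (not real appliance data): root left on BASH.
sample=$(mktemp)
printf '%s\n' \
    '# constructed passwd sample' \
    'exampleuser:x:1000:1000::/home/exampleuser:/bin/bash' \
    'root:x:0:0:root:/root:/bin/bash' > "$sample"
audit_root_shell "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

Called with no argument, audit_root_shell reads /etc/passwd, so it can be run from the BASH shell on the appliance itself.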

Useful blogs
Deploy install VCSA (vCenter server appliance 6.5) on VMWare Workstation
VMWARE VSPHERE UPDATE MANAGER (VUM) - IMPORTING ESXI ISO AND CREATE UPGRADE BASELINE1
CREATE VIRTUAL DATACENTER AND ADD ESXI HOST ON VCENTER SERVER
ADDING AND ASSIGNING VSPHERE LICENSES IN VCENTER SERVER AND ESXI
ADDING AND CONFIGURING VMWARE VSPHERE VCENTER SSO ACTIVE DIRECTORY AS LDAP SERVER
VMWARE VSPHERE POWERCLI INSTALLATION AND CONFIGURATION STEP BY STEP
 
