On VMware ESXi hosts, remote access to the command line (server console) via SSH is disabled by default. Therefore, when connecting to a host via ssh, you will get an error:
ssh: connect to host 192.168.13.51 port 22: Connection refused
In this article, we will look at all the ways to enable SSH access on VMware ESXi hosts.
Enable SSH access via DCUI console in ESXi.
- You can enable SSH on the VMware ESXi host through the server's DCUI. For this:At the DCUI login screen, press F2 and enter the root password;
- Go to System Customization -> Troubleshooting Options , select Enable SSH and press Enter;
Try to connect to your ESXi host using any SSH client (I use the Windows built-in ssh client):
ssh root@192.168.13.50
After connecting to the server console, you can use ESXi shell commands to perform various maintenance or diagnostic actions. For example:
- Install updates on the ESXi server
- Check/upgrade VM hardware version
- Restart a hung virtual machine
- Recover deleted VMFS datastore, or extend it
- Set up an SNMP agent on ESXi
- Check Availability and Configure iSCSI LUN on VMware ESXi Server
- Reduce the disk size of a VMware virtual machine
It is recommended that you always disable the SSH service after performing an action in the ESXi console.
Enable SSH on ESXi via vSphere Web Client.
You can enable SSH through the vSphere Client web interface.
If you are using a standalone ESXi host (or free VMware Hypervisor), connect to its web interface
https://192.168.13.50/ui/#/host
- Go to the Manage -> Services section;
- In the list of services, select TSM-SSH and click the Start button;
- By default, the SSH service on an ESXi host is manually enabled and disabled. You can set SSH to start automatically by clicking the menu Actions -> Policy -> Start and stop with host.
To enable SSH on an ESXi host connected to vCenter:
- Find a host in the Inventory list;
- Go to the Configure -> Services tab;
- Find the SSH service in the list and enable it with the Start button.
Please note that there is a separate Firewall tab in the host settings. Here you can limit the list of IP addresses from which the ESXi host is allowed to accept SHSH connections (the list is unlimited by default).
Enable SSH access on VMware ESXi using PowerShell.
You can enable an SSH server on an ESXi host using PowerShell cmdlets from the VMware PowerCLI module. We assume that the module is already installed on your computer (if not, install it with the Install-Module -Name VMware.PowerCLI command).
To connect to an ESXi host or vCenter server, run the command:
Connect-VIServer <FQDN_name_vCenter_or_ESXi_hosta>
If the VMware vCenter server uses a self-signed certificate, you must run the following command before connecting:
Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Warn
List all ESXi hosts connected to this vCenter server and the status of the SSH service on them:
Get-VMHost| Get-VMHostService | Where Key -EQ "TSM-SSH" | Select VMHost, Key, Running, Policy
To enable SSH on a specific ESXi host, run:
Get-VMHostService -VMHost esxi1 | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService
If LockDown mode is enabled on the ESXi host, it can be disabled like this:
(Get-VMHost esxi1 |get-view).ExitLockdownMode()
To turn on blocking mode:
(Get-VMHost esxi1|get-view).EnterLockdownMode()
To disable the SSH service on all hosts at once, use the following PowerShell command:
Get-VMHost | Foreach { Stop-VMHostService -confirm:$false -HostService ($_ | Get-VMHostService | Where { $_.Key -eq “TSM-SSH”} )}
To disable SSH login warnings on all ESXi hosts:
Get-VMHost | Get-AdvancedSetting UserVars.SuppressShellWarning |Set-AdvancedSetting -Value 1Don't forget to gracefully end your PowerShell session:
Disconnect-VIServer * -confirm:$false