Enabling root SSH login on an ESX host

SSH is disabled by default for the root account on an ESX host. That is, the actual sshd service does not allow root logins. Non-root users are able to login with SSH. This is another layer of protection in addition to the host firewall.

1. To enable root login for SSH and SCP clients if you have physical access to the ESX host:
STEP 1. Login to the console of your ESX host as the root user.
STEP 2. Edit the configuration file for SSH with the following command:

nano /etc/ssh/sshd_config

STEP 3. Find the line that starts with ‘PermitRootLogin’ and change the ‘no’ to ‘yes’. You can find this line about 2 pages down from the top. Save the file by first pressing ‘Ctrl-O’ and then Enter. Exit with ‘Ctrl-X’.
STEP 4. Restart the sshd service with the command:

service sshd restart
OR
/etc/init.d/sshd restart

2. To enable root login for SSH and SCP clients if you have network access only to the ESX host:
STEP 1. Connect to the ESX host with VMware Infrastructure (VI) or vSphere Client.
STEP 2. Create a new temporary user by going to ‘Local Users & Groups’ tab. Make sure to check ‘Grand shell access to this user’ checkbox and add the user to the ‘root’ group.
STEP 3. Connect to the ESX host over the network using a SSH Client and login as the new temporary user.
STEP 4. Switch user to root by typing the following command:

su -

STEP 5. Type root account password.
STEP 6. Edit the configuration file for SSH with the following command:

nano /etc/ssh/sshd_config

STEP 7. Find the line that starts with ‘PermitRootLogin’ and change the ‘no’ to ‘yes’. You can find this line about 2 pages down from the top. Save the file by first pressing ‘Ctrl-O’ and then Enter. Exit with ‘Ctrl-X’.
STEP 8. Restart the sshd service with the command:

service sshd restart
OR
/etc/init.d/sshd restart

NOTE: Each SSH connection to an ESX host uses additional Service Console resources. Use caution when using scripts or third party software that create multiple SSH sessions to the ESX Service Console. Excessive use of SSH on an ESX machine may cause the service console to exhibit symptoms of memory exhaustion.

Like this:

Be the first to like this post.

~ by Safar Safarov on January 16, 2011.

Posted in VM tips
Tags: enable SSH, enable SSH root, ESX, ESXi, root SSH access denied, root SSH login, SSH, SSH access, SSH access denied, VMware

One Response to “Enabling root SSH login on an ESX host”

Damn, man.. That is so freaking useful!!!!!

Crash said this on June 9, 2011 at 10:41 | Reply

M	T	W	T	F	S	S
« Dec				Feb »
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Safar Safarov's Blog

One Response to “Enabling root SSH login on an ESX host”

Leave a Reply Cancel reply

Categories

RSS Links

Recent Posts

Archives

Tag cloud

Email Subscription

Follow “Safar Safarov's Blog”