HOWTO: ESXi and SSH
August 10th, 2008
Filed under: Howto, VMware, esxi
I’ve noticed many of the hits on my blog are related to ESXi. One of the most asked questions is how can I SSH to an ESXi hosts? Looking at my wordpress stats, this is also one of the top searches.
By default this isn’t possible. But there’s a way to get this working, just do the following:
- Go to the ESXi console and press alt+F1
- Type: unsupported
- Enter the root password
- At the prompt type “vi /etc/inetd.conf”
- Look for the line that starts with “#ssh” (you can search with pressing “/”)
- Remove the “#” (press the “x” if the cursor is on the character)
- Save “/etc/inetd.conf” by typing “:wq!”
- Restart the management service “/sbin/services.sh restart”
Done!
August 11th, 2008 at 05:47
[...] - there is not a Service Console. ( it is possible to open a busybox console as explained here and here, but this function was intended for VMware Technical Support only. If you listen to the VMTN [...]
August 12th, 2008 at 08:17
I personally don’t like it when you can’t properly troubleshoot. I would like to see that SSH is enabled by default on 3i.
August 12th, 2008 at 08:48
I did it as described but SSH still does not work for me. I use ESXi update 2.
August 12th, 2008 at 08:50
Only after restart of whole system ssh works.
August 12th, 2008 at 11:26
Hmmm , I will test this again Kalle. Thanks for the update.
August 12th, 2008 at 18:47
You don’t need the restart esx3i for enabeling ssh.
Just do a kill -HUP `ps | grep inetd`
August 13th, 2008 at 16:14
Thank you, thank you, thank you! I just need shell access! I like the “unsupported” thing also… very good to know.
August 29th, 2008 at 17:19
Enable SSH on ESXi…
Enable SSH on ESXi…
September 3rd, 2008 at 18:16
One thing to note here is that there is no prompt when you press Alt-F1. You just type “unsupported” blindly.
September 20th, 2008 at 03:13
I tried this and discovered that I did not have an /etc/ssh folder, nor would ssh start (I don’t believe it even existed in my install) I am reinstalling now, but am wondering if maybe in a recent patch to the downloadable ISO they removed capabilities for SSH
September 24th, 2008 at 05:01
I have the current ESXI & yes you can enable SSH, I use it a lot! I haven’t mastered using SCP to copy images around yet.
Cary
October 1st, 2008 at 14:03
Using scp is pretty easy, once you know where the files need to go. This is /vmfs/volumes/nnnnnn
replacing nnnnnn with the name you gave your storage volume in VMware ESXi. Then it’s just a case of:
scp filename.iso root@x.x.x.x:/vmfs/volumes/nnnnnn
replace x.x.x.x with ip address of system (make sure colon : between ip and path to file location.
In Windows, WinSCP is good enough and then you can just point and click to the location, or in Linux use gFTP client or another client with SCP/SSH functionality.
October 1st, 2008 at 16:11
Nice using ssh , you can also doing ssh from esxi do ln -s /sbin/dropbearmulti /bin/ssh
so i have some dificult to use the pub key of the esxi i have genetarted it with :
/bin/dropbearkey -t rsa -f ~/.ssh/id\_rsa.db > ~/.ssh/authorized_keys ttaking the ssh-rsa key and puting it in side my other platforme .ssh/authorised_key and when i do scp from the esxi it need passwd but if i take my pub key from the other host generated with ssh-keygen an puting it in the esxi .ssh/authorised_keys i can do scp/ssh commande without pass from the other host , have some result to do ssh/scp without pass from esxi to do some batch commande .
regards
October 6th, 2008 at 06:18
I did this with ESX Server 3i 3.5.0 and I can connect via SSH, but I get access denied trying to login as root.
There is no /etc/sshd directory to allow root ssh access. Any ideas on how to ssh in as root?
October 7th, 2008 at 10:07
OK, using the IP address to ssh in allows me to login as root, no more access denied message.
October 11th, 2008 at 10:34
Is it possible to connect without a password to ESXi (with ssh keys?). Can anyone tell me step by step how to put my sshkey to esxi? Thanks!
October 11th, 2008 at 14:36
1. create your sshkey with the help of puttykeygen (Win) or ssh-keygen (Linux)
2. create “.ssh” directory
3. Place the keyfile on the host
4. cat keyfile >> authorized_keys ( you can also use vi and use c&p)
5. chmod 0600 on .ssh and authorized_keys
Regards
Joerg
October 16th, 2008 at 23:24
I just found this site and it is nice to know that at one point, SSH was an option. I’m running ESX Server 3i, 3.5.0, 110271 on a Dell PE 2650. This machine is such a hassle to work with. When I try connecting (ssh -24 root@10.0.0.13), I am presented with:
ssh: connect to host 10.0.0.13 port 22: Connection refused
Anyway, I cannot get the SSH server to work for me. My goal was to look at and modify the firewall on this “box.” I’ve installed a pair of Windows 2000 servers into this box and they can see each other via CIFS but they cannot see other Win2k servers on the same segment , not on the ESXi server. They guest Win2k boxes can PING anywhere you like.
On the other side of the coin, the Win2k servers not on the ESXi server can see the “bound” WIN2k machines via CIFS. PING, as you might guess, is also an option.
This “screams” firewall issues to me and is so frustrating. Can anyone help?
October 20th, 2008 at 19:31
David, ensure TOE for the Broadcom NICs on the Dell box are disabled\unlicensed. See if adding a supproted Intel NIC to the group\vswitch and removing the Broadcom NICs causes the issues to go away.
Shoddy Broadcom\Dell QA, drivers, etc. have made these systems needlessly difficult to work with. Kill all offloading (checksumming, TOS, etc) and RSS if you can and re-test function.
These Are WELL-KNOWN issues that particularly impact firewalling, but have been problematic with numerous networking applications. Go Intel and I’d bet your problems dissappear.
Worst case scenario is using non-Broadcom multi-port add-in NICs to get around Dell’s design flaws.
October 25th, 2008 at 23:43
Hey, this is great BUT!!! I’m finding that ESXi FREE VERSION is READ ONLY! I successfully got SSH going on the ESXi installation at work in our test lab, but no deals at home. I need to rename vmdk files so I can use them for new vm’s and it’s not happening. I can’t even get vmkfstools to work at the command line in unsupported mode OR via the remote CLI… bumming bigtime (at home)
October 31st, 2008 at 20:20
Nice work. Got ssh running on ESXi 3.5 on my dell r200 server. Before I had to download iso’s, then use the vmware infrastructure client 2.5 to install a OS for clients, but this take a lot of my time with 100KB upload from my dsl connection. Now I can just download the iso’s to the server storage on 1000mbit line and complete work in no time!
Regards,
Marnix
October 31st, 2008 at 20:24
Sorry for double post, but i’d like to mention that it is wise to block (undo) SSH when you no longer need it. Enable root access for SSH is dangerous.
November 7th, 2008 at 17:44
OK, I tried enabling it in inetd.conf and restarting services, but when I connect via PuTTY, I get “connection refused”. Am I missing someting?
(I’m also on a Dell R200)
November 14th, 2008 at 22:26
I tried this, but it does not worked
In ESXi 3.5 Update 3 typing “unsupported” on first console does nothing
It looks like magic keyword is changed
Is there any idea? How you research for magic keyword? Is it was compiled in something binary or wrote to some script in clear text? And where?
Pls, help, if possible, of course.
November 16th, 2008 at 08:30
I tried this and it works. But on rebooting the esxi server the ssh settings that I uncommented in inetd.conf is not saved and is commented again. I had to go back to the console and change the setting again. Everytime server reboots this needs to be done again.
Is this the way it works or am I missing something ?