ESXi ssh and non-root users
I’ve never seen this before. I wrote an article about root SSH access to an ESXi system. Today I noticed a blog entry that describes how you can disable root access for SSH and create users which can use “su” to become root! Cool stuff.
Check the article here! Here’s the procedure:
Log in to the console,
edit the inetd.conf:
vi /etc/inetd.conf
search for the following line (type: “/ssh”) (This is the line you uncommented to enable SSH in the first place.)
ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i
add -w to the end of this line: (type: “i” for insert mode):
ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i -w
Exit and save the file (press escape, type “:x”)
Create a /home directory
mkdir /home
Create a new unprivileged user:
useradd your_name
Change the password for this user:
passwd your_name
Reboot the server
reboot
Once rebooted,
Log in with SSH using your new unprivileged user
Use
su -
to change to the root user.
Tested on:
VMware ESXi 3.5.0_Update_2-103909
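A way to check the edit before rebooting, added here as an example and not part of the original article: the function below reads an inetd.conf and reports whether the active ssh entry carries dropbear's -w option (disallow root logins). The function name, the status strings and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the ssh entry of an inetd.conf file.
# Prints one of: disabled | root-allowed | root-blocked
ssh_root_status() {
    conf="$1"
    status="disabled"
    while IFS= read -r line || [ -n "$line" ]; do
        # Split the line on whitespace without expanding wildcards.
        set -f
        set -- $line
        set +f
        # Commented-out entries start with "#", so only an active line
        # has "ssh" as its first field.
        [ "${1:-}" = "ssh" ] || continue
        found="root-allowed"
        for arg in "$@"; do
            # Assumption: -w is passed as its own argument, as in the
            # line shown in the procedure above.
            if [ "$arg" = "-w" ]; then
                found="root-blocked"
            fi
        done
        status="$found"
        # One active ssh entry without -w is enough to allow root logins.
        if [ "$found" = "root-allowed" ]; then
            break
        fi
    done < "$conf"
    echo "$status"
}

# Constructed sample: the ssh line before and after the edit.
entry='ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i'
tmp=$(mktemp)
printf '%s\n' "$entry" > "$tmp"
echo "before edit: $(ssh_root_status "$tmp")"
printf '%s\n' "$entry -w" > "$tmp"
echo "after edit:  $(ssh_root_status "$tmp")"
rm -f "$tmp"
```

On a host, call it as ssh_root_status /etc/inetd.conf; a result of "disabled" means no uncommented ssh line was found.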





August 14th, 2008 at 16:35
Hey Duncan,
you can even make this approach a little bit more secure:
- enable ssh-login via PPK
- disable ssh-login with password
- additionally, you can configure a sudo for your non-root user to not need to type in the root password:
—-
## Allow username to become root
username ALL=NOPASSWD:/bin/su -
—-
That's how we secure ssh access to our ESX (and UNIX/LINUX) servers. The public key file is kept up-to-date on a server with a unique private key only for that purpose. From there it is distributed to all of the servers with PPK-login enabled. We haven't tested it with ESXi yet, but maybe it is possible there too…?
BR
Steffen