As, to my surprise, I still daily have 300/400 unique views on my article about how to enable SSH on ESXi 3.x I figured people would be interested in knowing how to enable it on ESXi 4.1. SSH is part of the TSM (Tech Support Mode) functionality. There are two different kind of Tech Support Modes:
- Local Tech Support (Commandline access)
- Remote Tech Support (SSH)
Enabling either of the two is really simple:
- Open the ESXi console
- Login(F2) and go to “Troubleshooting Options“
- Now you will see options called “Tech Support”, hit “enter” on either Remote Tech Support (SSH) or Local Tech Support
You could of course also enable it through the vSphere Client:
- Select the host and click the Configuration tab.
- Click Security profile > Properties.
- Click Local Tech Support or Remote Tech Support (SSH) and click Options.
- Choose the desired startup policy and click Start, then click OK.
- Verify that the daemon selected in step 3 shows as running in the Services Properties window.
Forbes Guthrie says
Hi Duncan,
You describe one of the TSM modes as “Local Tech Support (Direct Console UI)”. I think you might want to point out in the article that there is a differentiation between local TSM and the DCUI. The DCUI is the yellow menu driven tool, the local TSM is the simple shell based on busybox. There are important impacts on the difference when it comes to lockdown mode as well. In the security profile section, there is a listing for all three modes: local TSM, remote TSM and the DCUI.
Cheers, Forbes.
Duncan Epping says
Thanks for spotting that! somehow I mislabelled it.
Max says
It’s one step forward – two steps back. I’d rather spend extra two minutes enabling ssh using vi in iLO/DRAC console, but not have the “Configuration issues” warning in vCenter afterward.
joe says
In 4.1 you also have edit Advanced Config:UserVars:TSM timeout (or something similar in that location) to keep ssh running. Remote ssh will be enabled for the period of time set in seconds (I usually set it 300 to 600). This is designed to keep your host more secure by disabling ssh when not needed, and forcing you to enable it when needed. Once a session is established it will not timeout when sshd is disabled.
This has got me a few times. Without setting the timeout, it starts then immediatly stops, not what you wanted.
Andrew Miller says
Ditto to Max — I was going to leave SSH enabled (protected VLAN already, etc.) but if I do then vCenter shows a constant alert…..ah well….
Mariette Ahn says
today´s advance in application straighten existence so such easier than it was before, but sr. people tend to eff difficulties in accepting and intellect subject
Duncan Epping says
I know it shows an alert, I am not a fan of it either but currently there is no way to remove it unfortunately.
Eric Gray says
It turns out the warning goes away after rebooting or restarting hostd. Who would have thought?
http://www.vcritical.com/2011/02/get-rid-of-those-esxi-tech-support-mode-warnings/
Sanjay P. Thakur says
Hi,
This is very use full info.
I stuck on that point after upgrading the ESX 4.1i to ESX 5.0 after that I was facing that error.
It’s help full for me.
Thanks for the Info.
Ben Del Vento says
FYI FYI
http://communities.vmware.com/thread/328545
Works with 5.0.
Duncan Epping says
http://www.yellow-bricks.com/2011/07/21/esxi-5-suppressing-the-localremote-shell-warning/