Yellow Bricks

by Duncan Epping

HOWTO: ESXi and SSH

Duncan Epping · Aug 10, 2008 ·

I’ve noticed many of the hits on my blog are related to ESXi. One of the most asked questions is how can I SSH to an ESXi host? Looking at my WordPress stats, this is also one of the top searches.

By default this isn’t possible. But there’s a way to get this working, just do the following:

  1. Go to the ESXi console and press alt+F1
  2. Type: unsupported
  3. Enter the root password (no prompt; you are typing blind)
  4. At the prompt type “vi /etc/inetd.conf”
  5. Look for the line that starts with “#ssh” (you can search with pressing “/”)
  6. Remove the “#” (press the “x” if the cursor is on the character)
  7. Save “/etc/inetd.conf” by typing “:wq!”
  8. Restart the management service “/sbin/services.sh restart”

Done!
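
The edit in steps 4 to 7 can be checked and reverted from a script. The following is an added example, not part of the original post: it reports whether an inetd.conf-style file has an active ssh entry and comments it out again once SSH is no longer needed. The function names and the sample entries are constructed for illustration, and it assumes `grep -E` and `sed` are available in the shell where it runs.

```shell
#!/bin/sh
# Added example: audit and revert the inetd.conf change from steps 4-7.
# Function names are illustrative; the sample entries are constructed.

# Print active (uncommented) entries whose service name is "ssh".
ssh_active_lines() {
    grep -E '^[[:space:]]*ssh[[:space:]]' "$1" || true
}

# Print the number of active ssh entries (0 when SSH is still disabled).
ssh_active_count() {
    ssh_active_lines "$1" | grep -c . || true
}

# Succeed only if at least one ssh entry is active.
ssh_is_enabled() {
    [ "$(ssh_active_count "$1")" -gt 0 ]
}

# Comment every active ssh entry out again, keeping a .bak copy.
# inetd only rereads the file after a HUP or a restart of the service.
ssh_disable() {
    cp "$1" "$1.bak" || return 1
    sed 's/^\([[:space:]]*\)ssh\([[:space:]]\)/\1#ssh\2/' "$1.bak" > "$1"
}

# Constructed sample in inetd.conf layout; not copied from a real host.
write_sample() {
    cat > "$1" <<'EOF'
# service type proto wait user program args
#ssh stream tcp  nowait root /sbin/dropbearmulti dropbear -i
ssh  stream tcp6 nowait root /sbin/dropbearmulti dropbear -i
#ftp stream tcp  nowait root /bin/false ftpd
EOF
}

# Demo on a temporary copy; point CONF at /etc/inetd.conf on a real host.
CONF=$(mktemp)
write_sample "$CONF"
echo "active ssh entries before: $(ssh_active_count "$CONF")"
ssh_is_enabled "$CONF" && ssh_disable "$CONF"
echo "active ssh entries after:  $(ssh_active_count "$CONF")"
rm -f "$CONF" "$CONF.bak"
```

The sample has one IPv4 entry still commented and one IPv6 entry active, which is why the check matches on the service field rather than on a single line.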

Server esxi, Howto

Comments

  1. Rob Mokkink says

    12 August, 2008 at 08:17

    I personally don’t like it when you can’t properly troubleshoot. I would like to see that SSH is enabled by default on 3i.

  2. Kalle says

    12 August, 2008 at 08:48

    I did it as described but SSH still does not work for me. I use ESXi update 2.

  3. Kalle says

    12 August, 2008 at 08:50

    Only after restart of whole system ssh works.

  4. Duncan Epping says

    12 August, 2008 at 11:26

    Hmmm , I will test this again Kalle. Thanks for the update.

  5. Rob Mokkink says

    12 August, 2008 at 18:47

    You don’t need to restart esx3i for enabling ssh.
    Just do a kill -HUP `ps | grep inetd`

  6. El Cabong says

    13 August, 2008 at 16:14

    Thank you, thank you, thank you! I just need shell access! I like the “unsupported” thing also… very good to know.

  7. Paul Hoffman says

    3 September, 2008 at 18:16

    One thing to note here is that there is no prompt when you press Alt-F1. You just type “unsupported” blindly.

  8. Steve Ashman says

    20 September, 2008 at 03:13

    I tried this and discovered that I did not have an /etc/ssh folder, nor would ssh start (I don’t believe it even existed in my install). I am reinstalling now, but am wondering if maybe in a recent patch to the downloadable ISO they removed capabilities for SSH.

  9. Cary Bielenberg says

    24 September, 2008 at 05:01

    I have the current ESXI & yes you can enable SSH, I use it a lot! I haven’t mastered using SCP to copy images around yet.

    Cary

  10. Ian Walker says

    1 October, 2008 at 14:03

    Using scp is pretty easy, once you know where the files need to go. This is /vmfs/volumes/nnnnnn

    replacing nnnnnn with the name you gave your storage volume in VMware ESXi. Then it’s just a case of:

    scp filename.iso [email protected]:/vmfs/volumes/nnnnnn

    Replace x.x.x.x with the IP address of the system (make sure there is a colon : between the IP and the path to the file location).

    In Windows, WinSCP is good enough and then you can just point and click to the location, or in Linux use gFTP client or another client with SCP/SSH functionality.

  11. hubert says

    1 October, 2008 at 16:11

    Nice, using ssh. You can also do ssh from ESXi: do ln -s /sbin/dropbearmulti /bin/ssh
    So I have some difficulty using the pub key of the ESXi. I have generated it with:
    /bin/dropbearkey -t rsa -f ~/.ssh/id_rsa.db > ~/.ssh/authorized_keys, taking the ssh-rsa key and putting it inside my other platform’s .ssh/authorised_key, and when I do scp from the ESXi it needs a password, but if I take my pub key from the other host, generated with ssh-keygen, and put it in the ESXi .ssh/authorised_keys, I can do scp/ssh commands without a password from the other host. Have some result to do ssh/scp without a password from ESXi to do some batch commands.
    regards

  12. PKD says

    6 October, 2008 at 06:18

    I did this with ESX Server 3i 3.5.0 and I can connect via SSH, but I get access denied trying to login as root.

    There is no /etc/sshd directory to allow root ssh access. Any ideas on how to ssh in as root?

  13. PKD says

    7 October, 2008 at 10:07

    OK, using the IP address to ssh in allows me to login as root, no more access denied message.

  14. Andy says

    11 October, 2008 at 10:34

    Is it possible to connect without a password to ESXi (with ssh keys?). Can anyone tell me step by step how to put my sshkey to esxi? Thanks!

  15. Joerg says

    11 October, 2008 at 14:36

    1. create your sshkey with the help of puttykeygen (Win) or ssh-keygen (Linux)
    2. create “.ssh” directory
    3. Place the keyfile on the host
    4. cat keyfile >> authorized_keys ( you can also use vi and use c&p)
    5. chmod 0600 on .ssh and authorized_keys

    Regards
    Joerg

  16. David says

    16 October, 2008 at 23:24

    I just found this site and it is nice to know that at one point, SSH was an option. I’m running ESX Server 3i, 3.5.0, 110271 on a Dell PE 2650. This machine is such a hassle to work with. When I try connecting (ssh -24 [email protected]), I am presented with:

    ssh: connect to host 10.0.0.13 port 22: Connection refused

    Anyway, I cannot get the SSH server to work for me. My goal was to look at and modify the firewall on this “box.” I’ve installed a pair of Windows 2000 servers into this box and they can see each other via CIFS but they cannot see other Win2k servers on the same segment, not on the ESXi server. The guest Win2k boxes can PING anywhere you like.

    On the other side of the coin, the Win2k servers not on the ESXi server can see the “bound” WIN2k machines via CIFS. PING, as you might guess, is also an option.

    This “screams” firewall issues to me and is so frustrating. Can anyone help?

  17. Owen says

    20 October, 2008 at 19:31

    David, ensure TOE for the Broadcom NICs on the Dell box is disabled\unlicensed. See if adding a supported Intel NIC to the group\vswitch and removing the Broadcom NICs causes the issues to go away.

    Shoddy Broadcom\Dell QA, drivers, etc. have made these systems needlessly difficult to work with. Kill all offloading (checksumming, TOS, etc) and RSS if you can and re-test function.

    These are WELL-KNOWN issues that particularly impact firewalling, but have been problematic with numerous networking applications. Go Intel and I’d bet your problems disappear.

    Worst case scenario is using non-Broadcom multi-port add-in NICs to get around Dell’s design flaws.

  18. Greg says

    25 October, 2008 at 23:43

    Hey, this is great BUT!!! I’m finding that ESXi FREE VERSION is READ ONLY! I successfully got SSH going on the ESXi installation at work in our test lab, but no deals at home. I need to rename vmdk files so I can use them for new vm’s and it’s not happening. I can’t even get vmkfstools to work at the command line in unsupported mode OR via the remote CLI… bumming bigtime (at home)

  19. Northwood says

    31 October, 2008 at 20:20

    Nice work. Got ssh running on ESXi 3.5 on my dell r200 server. Before I had to download ISOs, then use the vmware infrastructure client 2.5 to install an OS for clients, but this takes a lot of my time with 100KB upload from my dsl connection. Now I can just download the ISOs to the server storage on a 1000mbit line and complete work in no time!

    Regards,

    Marnix

  20. Northwood says

    31 October, 2008 at 20:24

    Sorry for the double post, but I’d like to mention that it is wise to block (undo) SSH when you no longer need it. Enabling root access for SSH is dangerous.

  21. Ian B says

    7 November, 2008 at 17:44

    OK, I tried enabling it in inetd.conf and restarting services, but when I connect via PuTTY, I get “connection refused”. Am I missing something?

    (I’m also on a Dell R200)

  22. PAL says

    14 November, 2008 at 22:26

    I tried this, but it did not work 🙁
    In ESXi 3.5 Update 3 typing “unsupported” on first console does nothing 🙁

    It looks like the magic keyword has changed 🙁 Is there any idea? How do you research the magic keyword? Was it compiled into some binary or written to some script in clear text? And where?

    Pls, help, if possible, of course.

  23. Srini says

    16 November, 2008 at 08:30

    I tried this and it works. But on rebooting the ESXi server the ssh settings that I uncommented in inetd.conf are not saved and are commented again. I had to go back to the console and change the setting again. Every time the server reboots this needs to be done again.

    Is this the way it works or am I missing something ?

  24. JJonsson says

    20 November, 2008 at 15:02

    Cannot get it to work on ESX 3i v3.5.0 build 123629… (Update 3)
    I have edited /etc/inetd.conf and removed the #ssh. Rebooted server…

    Any ideas ?

    🙂 Jens

  25. JJonsson says

    20 November, 2008 at 15:07

    PAL,

    Magic keyword is still “unsupported” (all lowercase).

  26. dipak says

    4 December, 2008 at 17:55

    I have VMware ESX 3i version 3.5.0, updated with the latest patch, so when I press the alt+f1 key it shows starting open… but I could not find the prompt where I should type unsupported. So can you help me with how I should work with this version so that I can start the SSH service?

  27. AdamESX says

    12 December, 2008 at 15:54

    I am having trouble with Esxi to Esxi ssh keys. I setup a linux box and dropped the public keys to both Esxi boxes and I can connect fine without a password. I am having trouble creating keys to allow the Esxi boxes to connect directly with each other without a password. Any ideas?

  28. Chrissy says

    11 January, 2009 at 09:29

    Excellent! This worked for me on ESXi 3.5.0 build 123629. Instead of restarting all the services, however, I just did a ps aux|grep inetd, got the PID and did a kill -HUP pid

  29. stant0s says

    12 February, 2009 at 15:30

    services.sh command no longer works, do ps |grep inetd to get the PID, then kill -HUP (PID)

  30. Pierre says

    18 April, 2009 at 22:29

    Worked as advertised. Instead of step 8, I rebooted my ESXi u4 server after editing /etc/inetd.conf.

    From Windows XP use the excellent WinSCP program:

    http://winscp.net/eng/download.php

    sweet!

  31. MarkCary says

    23 April, 2009 at 20:05

    After pressing Alt+F1, and understanding that I’m typing blindly, shouldn’t SOMETHING happen?

    Zip. Nada. Nope. Nothing!

  32. Timm says

    24 June, 2009 at 15:48

    press alt-f1
    type ‘unsupported’
    press enter
    type root’s password
    press enter
    continue…

  33. emilise says

    1 July, 2009 at 14:42

    If you still get an error when you try to connect after this, you should know that you can’t connect in file transfer mode after this, only in command line mode. That happened to me with the client “SSH client”.

  34. Vlad says

    6 July, 2009 at 18:26

    Recent VMWare ESXi 3.5 updates will encounter issues following reboots with SSH. The problem is that these later updates will attempt to return the VMWare Hypervisor back to a ‘factory default’ state on reboot. To get around this, there is a file stored in /vmfs/volumes/Hypervisor1 folder that is called oem.tgz. It’s a TAR GZIP’d file that will contain any files and/or folders that you want replaced into the system after a reboot. This means that even if you modify /etc/inetd.conf to enable SSH and reboot, there is a big chance, depending on what version of VMWare ESXi you have installed, that it will return it back to the factory default state all the time. However, if you place the modified version of this file in that archive, it will do some ‘post processing’ after a reboot, and apply whatever is in the oem.tgz file back to the file system as the last stage of the reboot. This gets around losing SSH on restarts. If you are using SSH keys you will also need to place them in the same file in order for them to be re-applied on restart.

    If you want to know more about this, do a Google search for VMWare ESXi oem.tgz to find out how to construct such a file and its behavior.

  35. Forrest says

    27 July, 2009 at 20:35

    How can you restrict dropbearmulti to listening only on the management port? Or is this implied anyway, since you’re doing this from within ESXi.

  36. c0de4badf00d says

    29 July, 2009 at 16:26

    I am on ESXi 4.0 and was able to enable SSH also connected via WinSCP, it was smooth thanks to this post.

    Question: I can back up my virtual machines from the server now. But has anyone tried the backup earlier and tried to restore the same? How does that work?

  37. Rodrigo Miguel says

    5 September, 2009 at 03:58

    1. Go to the ESXi console and press alt+F1
    2. Type: unsupported
    3. Enter the root password(No prompt, typing is blindly)
    4. At the prompt type “vi /etc/inetd.conf”
    5. Look for the line that starts with “#ssh” (you can search with pressing “/”)
    6. Remove the “#” (press the “x” if the cursor is on the character)
    7. Save “/etc/inetd.conf” by typing “:wq!”
    8. Restart the management service “/sbin/services.sh restart”
    10 – Kill inetd : kill `ps | grep inetd | cut -f2 -d" "`
    11 – Start inetd: inetd

  38. Rodrigo Miguel says

    5 September, 2009 at 04:02

    If when you type unsupported nothing happens, follow this:
    1 – Open the VI client, click onto the ESXi server you want to manage and go to Configuration TAB;

    2 – Advanced Settings

    3 – Uncheck the VMkernel.boot.techSupportMode

    4 – Reboot the ESXi Server. Before restarting the host, you should shut down virtual machines on that.

    Source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003677

  39. sureshs says

    21 September, 2009 at 22:54

    I need to run my linux application from the unsupported console. But how to copy my application into the ESXi 4.0 drop box and run it in the unsupported console.

  40. sai r says

    29 November, 2009 at 07:22

    thanks a lot, that worked like a charm..

  41. tang214 says

    18 December, 2009 at 22:22

    When I perform this modification and then reboot, ESXi does not start back up. It just comes to a screen with a blinking cursor and I am unable to access anything through the VMWare Infrastructure Client or through the physical machine. Has anyone had this happen and how can I fix it? Thanks.

  42. black says

    14 January, 2010 at 11:25

    how can i add a RSA ID in .ssh ?

    Every time I restart the ESXi the .ssh is removed…
    (It is NOT an embedded system; the ESXi is normally installed on a RAID array.)
    I need to have an automatic RSA login to the ESXi…
    Please help 🙂

  43. Max500 says

    14 January, 2010 at 13:22

    Hello,

    can I connect to the ESXi Console (the grey/yellow one) via ssh? I want to customize the System with .

    Many thanks, Max

  44. Max500 says

    14 January, 2010 at 13:23

    Hello,

    can I connect to the ESXi Console (the grey/yellow one) via ssh? I want to customize the System with F2.

    Many thanks, Max

  45. Alex says

    3 February, 2010 at 19:47

    Black:

    Add to /etc/rc.local ->

    mkdir /.ssh
    cp /vmfs/volumes/[somedatastore1]/authorized_keys /.ssh/
    chmod -R 600 /.ssh

    You will need to add the public key from the host you need to connect from to the file /vmfs/volumes/[somedatastore1]/authorized_keys

    This file will reside on a datastore, the root homedir resides on ramdisk, so you need to copy it over every time you reboot.

    Good luck

  46. Rasmus Scholer says

    24 August, 2010 at 09:43

    Just for the record… With ESXi 4.1, enabling ssh is really simple, just go:

    HOST > Configuration > Security profile, properties > Remote tech support (ssh) > Options, “start”.

    Works instantly.

  47. arlaumu says

    14 December, 2010 at 22:13

    “One of the most asked questions is how can I SSH to an ESXi hosts? Looking at my wordpress stats, this is also one of the top searches.”
    Where else can I read about it?

  48. Marco says

    16 March, 2011 at 17:19

    I made all the steps above and I’m able to ssh into my ESXi server, but I need to know the root password to become su… is there a way to set up a sudoers file? In this way I could keep the root password safe and secret.

  49. Vlad says

    13 June, 2012 at 03:43

    Hi,

    We have an ESXi 4.1 server which we have recently lost the ability to SSH into. This happened after attempting to use keys for authentication.

    The only error we get in /var/log/messages is:
    dropbear[######]: premature exit: bad buf_getptr

    We have checked inetd.conf to make sure SSH is enabled and root login was not disabled. We also created another user and are still not able to SSH into the server.

    trying ssh -vvvv we get the following error on the machine trying to connect:
    [[email protected]_host:~]# ssh -vvvv testesxi1
    OpenSSH_5.6p1, OpenSSL 1.0.0j-fips 10 May 2012
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to testesxi1 [xxx.yyy.zzz.aaa] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    ssh_exchange_identification: Connection closed by remote host
    [[email protected]_host:~]#

    I’ve posted on the vmware communities and have not had any luck thus far.

    Anyone know what is going on?

    Regards,
    Vlad

  50. Andy says

    12 July, 2012 at 09:44

    This really helped me – but I got thrown a curve ball by not being so familiar with ESXi console and Rodrigo Miguel’s comment about “unchecking” the VMkernel.boot.techSupportMode option.

    So to save others time (who, like me, read the whole thread before trying this out) the VMkernel.boot.techSupportMode option MUST be checked! Do not uncheck this. If it is not checked, then check it (and reboot). Follow Rodrigo Miguel’s excellent instructions as to where to find it.

    The other thing to point out is the “user experience”. I read a lot about “typing blindly” here, which was misleading. If your screen background stays black with grey text / lines while you’re typing, your console is still in some kind of “standby” state, and your key presses are being ignored! Instead, first press ESC or space (can’t recall now which), so that your ESXi console screen changes to a yellow and grey background color. It’s now out of standby mode. Now you can press Alt-F1.

    When I pressed Alt-F1 on my ESXi 3.5 system the screen immediately changed to a login prompt. I did not have to type blindly, I could see the prompt, and my key presses coming up on the screen. Not only that, but there’s a banner in salmon-pink writing saying “Tech Support Mode”. After entering the username and hitting return, I then got prompted for the password. All was pretty normal linux experience.

    After this the kill -HUP did the trick for me, no restarts needed, and the system is still running smoothly. (relief!)

    Thanks to everyone here for taking the time to record their tips and experiences. Great thread!

  51. DougC says

    30 August, 2013 at 17:26

    Not having run vi before, when I run vi /etc/inetd.conf all I get is a bunch of lines with ‘~’ as the first character. I’m thinking maybe the good stuff rolled off the screen but I don’t know how to scroll back to find it.

    Thanks for any help,
    Doug

About the author

Duncan Epping is a Chief Technologist in the Office of CTO of the Cloud Platform BU at VMware. He is a VCDX (# 007), the author of the "vSAN Deep Dive", the “vSphere Clustering Technical Deep Dive” series, and the host of the "Unexplored Territory" podcast.

Copyright Yellow-Bricks.com © 2023