Professional Documents
Culture Documents
php
[Home] [Forum]
ESXi 3.5 does ship with the ability to run SSH, but this is disabled by default (and is not supported). If you just need to access the console of ESXi, then you only
need to perform steps 1 - 3.
1) At the console of the ESXi host, press ALT-F1 to access the console window.
2) Enter unsupported in the console and then press Enter. You will not see the text you type in.
3) If you typed in unsupported correctly, you will see the Tech Support Mode warning and a password prompt. Enter the password for the root login.
4) You should then see the prompt of ~ #. Edit the file inetd.conf (enter the command vi /etc/inetd.conf).
5) Find the line that begins with #ssh and remove the #. Then save the file. If you're new to using vi, then move the cursor down to #ssh line and then press the
Insert key. Move the cursor over one space and then hit backspace to delete the #. Then press ESC and type in :wq to save the file and exit vi. If you make a
mistake, you can press the ESC key and then type it :q! to quit vi without saving the file.
6) Once you've closed the vi editor, run the command /sbin/services.sh restart to restart the management services. You'll now be able to connect to the ESXi
host with a SSH client.
Tip - with some applications like WinSCP, the default encryption cipher used is AES. If you change that to Blowfish you will likely see significantly faster
transfers.
Update for ESXi 3.5 Update 2 - With Update 2 the service.sh command no longer restarts the inetd process which enables SSH access. You can either restart
your host or run ps | grep inetd to determine the process ID for the inetd process. The output of the command will be something like 1299 1299 busybox
inetd, and the process ID is 1299. Then run kill -HUP <process_id> (kill -HUP 1299 in this example) and you'll then be able to access the host via SSH.
You can also download an oem.tgz file which will enable SSH (and FTP). Copy the file to a datastore with the VI client and then to bootbank with the command
cp /vmfs/volumes/<datastore>/oem.tgz /bootbank/oem.tgz and then reboot.
Excellent Articles!!!
I am running ESXi 3.5 Update 2. I have edited the inetd.conf file and rebooted the server. Can get to logon prompt remotely using PuTTY, but get access denied using non root account.
Any ideas? The account and password I created works with VI Client.
Thanks for the post. I am also running ESXi 3.5 update 2 and would like to install the monitoring software for my UPS. APC does support ESX so I should be able to install it on ESXi
with console access and the rpm file, but I can't access the CD drive. I've tried "mount /dev/cdrom" but it won't mount. Any ideas?
Hi Carlton, ESXi does not have the same console VM that ESX has (i.e. no Linux VM console), so you won't be able to install the RPM in the console of ESXi. You would instead have
to run a VM with APC software and use the RCLI or other to shutdown the VMs and the hosts impacted by a power issue.
Dave,
Thanks so much for the info. I've loaded a Window XP Pro VM that I'll use for the PowerChute software. I looked into using the CLI to shutdown the guest, but I wasn't able to access it
from the XP VM (vmware-cmd.pl "\\ESXiServer\datastore2\vmBackup2003.vmx" stop), so I'm using the shutdown command in XP. I would like to use the CLI to shutdown the host.
Do you know the syntax?
I currently use a serial port from the UPS to my server so I ordered a Network Management card so I can use IP instead. I guess I could have used a serial -> IP device, but the card was
only $125.
For the VM stop command, did you try something like this - vmware-cmd.pl --server /vmfs/volumes/datastorte2//vmBackup2003.vmx ?
For the host you can try the hostops.pl script. It's found in a subfolder of the Perl folder (not bin).
2) Edit /etc/passwd - add "root" to the root entry so the line will be like this
root:x:0:0:Administrator:/root:/bin/ash
Then bundle the /root folder into oem.tgz. You could also do /etc/passwd and /etc/inetd.conf, but I only tested the /root folder.
Hi, has anyone found a solution to not being able to login using putty? If so, please share. Thanks!
1 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hi Steve, what's the problem that you're having with putty? Putty is the client I use and have no problems connecting to ESXi after enabling SSH.
Hi
My problem is that ESXi can't see my hard disk, however regular ESX can.
I was able to boot my system finally off of a usb drive. When I run lspci I get my device ICH5 IDS. I checked both the pci.ids and the simple.map and the ICH driver looks fine, I do not
have to make any updates.
However, I still cannot access the SATA harddisk I have installed. Do you think it is because my actual harddisk is not recognized?
Any advice?
Hi Anthony, is it the ide or ata_piix driver that is being loaded for the controller and do you have an option to set the mode of the controller (i.e. to achi or ide) in the BIOS?
ok, first of all thank you Dave for all your help and putting up all this info for all us n00b's to follow. After making several fat finger typo's I managed to get it to work from a USB stick.
From the threads that I've read I gathered that you cannot install ESXi from this USB hack.
My question is: is it possible to install this onto the HDD some other way? Are all of you guys running ESXi with USB keys sticking out of your boxes permanently?
Hello Raven, what sort of system are you trying to install to? For test systems I just leave the USB drive plugged in and essentially that is what ESXi embedded is (except the USB key is
on the MB).
I am having a problem enabling the ssh on my ESXi 3.5u3 server. After removing the # on the ssh line, /sbin/services.sh restart does not seem to enable ssh. If I restart of the server, it
goes into the purple screen of death (!), and can only be recovered by a repair install.
Hello Eden, there are some good instructions on expanding your C drive here - http://www.vmware-land.com/Resizing_Virtual_Disks.html.
Hello Bjorn, for ESXi 3.5 Update 2 and higher you have to use the ps / kill instructions above as services.sh does not restart the inetd process. If you reboot right after making the change,
I would suggest updating the system config in state.tgz with the command /sbin/backup.sh 0 /bootbank/ before you restart.
Sirs, I am new to ESxi. I have inatalled the same on a test Dell Poweredge 1950 Server. ( Have 2 broadcom (BCM5708C) Net extreem II Gig N/w cards for which I have assagined a
Static IP)I have done exactly as mentioned earlier to enable SSH. restarted the server atleast 5 times. I use a free SSH client like putty or Trilead Explorer to connect , but gives an error "
Network Error, Connection refused". Any help on the same will be very greatful. Thanks in advance
Hello Dama, if you open inetd.conf after a reboot, does it still show the ssh entry without the # in front? Did you change any other part of that line? For example, changing ssh to SSH
will prevent the ssh from running.
Hello Dave, Thank you very much for the Quick response and Support. The problem is solved. My mistake I dont know how it happened, "ssh" was written as "SSh". Cahnged it to "ssh"
and it is working. Once agin thank you verymuch Dave.
Steve, your root access via putty/ssh may be locked down in the ssh config file. Go back into the unsupported shell and run "vi /etc/ssh/sshd_config". Find the line under the
Authentication section that says "PermitRootLogin no", press Insert and change "no" to "yes". Press ESC and type ":wq". Reboot the ESXi server again and you should be ok. By default
the root account is locked out of remote connections for security reasons. Hope that helps.
2 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hi Folks!
I managed to enable ssh on my ESXi 3.5 u2, but first after making the backup as described in this blog.
1. How do I end the Tech Support Mode - normal linux init 6 do not help?
Regards,
Hans
2. I get an errormessage regarding the signature of the server - can I get rid of this without paying somone a lot of money?
Hello Hans, to exit support mode press ALT-F2 and that will get you back to the DCUI. Where are you seeing the signature error? If you're referring to the SSL cert, then you can change
it according to these instructions - http://www.vm-help.com/esx/esx3i/change_name_and_cert.php.
Hello togehter,
i want to activate on my esxi server the ssh service, but it don`t work.
I followed the point in the top of this article but i doesn`t works.
for the connect i am using putty and get every time the failure "Network error connection refused"
if i scan the server with a port scanner the port 22 is not listed
what can i do ?
otta
Hello Otta, have you tried to restart the host and then verified that the change has persisted? Also the change is case sensitive so you'll want to very that.
I had the same problem with the changes to inetd.conf not persisting. I'd make the change, quit from vi. Re-open it again in vi -- change still there. Then his the reset or power button on
the computer.
It looks like you need to do a "clean" reboot to make the change permanent. After changing inetd.conf in vi and quiting/saving, hit to bring yourself back to the main startup screen. Then
hit to shutdown or reboot and follow the menus.
A hard reset won't give a change for ESXi to backup the change to state.tgz. By default that file is updated at 1 minute past the hour (at it includes inetd.conf). You can manually back it
up with /sbin/backup.sh 0 /bootbank/ .
hi togehter,
after an another reboot, i could connect with putty (ssh) to my esxi server.
But i have now the problem that after the reboot my created .ssh directory is deleted.
Dave: Can i save it with the same mechanisam you descirbe above ?
The configuration backup script (/sbin/backup.sh) will only backup files in /etc that have a .# duplicate file. I.e. if you look at the folder with something like winscp you'll see both
inetd.conf and .#inetd.conf. Thus inetd.conf will be backed up into /bootbank/state.tgz and will survive a reboot. To backup /.ssh you would either have to modify the backup script or
add the folder structure to oem.tgz.
Hi Dave!
regards, Hans
Hello Hans, to exit support mode press ALT-F2 and that will get you back to the DCUI. Where are you seeing the signature error? If you're referring to the SSL cert, then you can change
it according to these instructions - http://www.vm-help.com/esx/esx3i/change_name_and_cert.php.
3 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hello,
I have one intention : I would like to run iptables on my ESXi host. I would like to have it responding on a single public IP and NAT specific traffic to specific VMs, while keeping
everything safe by having just the host accessible from outside.
- the tar on ESXi was unable to handle tarball from netfilter pages, so I extracted on different machine and got on ESXi via wget
- the more painful think is ESXi does not supports the make command
maybe I am on totally wrong path and what I want may be simply achieved by other tools ... any advices ?
regards
Simon
The vmkernel of ESXi isn't based on Linux so you can't add addition packages to it like you would with a Linux system. You might consider putting up a VM that would act as a firewall
instead of depending on ESXi for that function.
Hi I've followed the steps above and gotten ssh up and running.
I accepted the default key. I've tried creating a new key, but have no way to upload it to the client since well that's the reason I'm trying to enable ssh/scp.
I added the root to the password file, and that still didn't help either.
Hi Steve, once you enable SSH you should be able to connect and you don't have to replace the key. What client are you using to connect?
Hi Dave,
I'm able to use my Secure Shell Client, but the Secure File Transfer fails.
I'm using the non-commercial ssh.com client. You mention the use of winscp so this should work I believe?
Thanks, John
Hello John, WinSCP has worked fine for me for both small and large transfers. Do you just get an error during transfer or connecting as well?
Do you have a fallback option to SCP? ESXi doesn't support SFTP so the transfer would be done with SCP.
"q not implemented" in vi. Sorry, but it is simply impossible to use it! Can`t edit or save anything...
Regards
The vi editor can be a bit of a pain to use. Are you tying in :q! and not just q! or q?
4 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
I cannot enable SSH on ESXi 3.5 U4. When I try to edit the inetd.conf it won't let me change anything then I can't exit out of console so i have to reboot the machine. What am I doing
wrong?
The vi editor can be a bit of pain to use. There's an oem.tgz file you can copy that enabled SSH (as well as ftp). You can copy it from http://www.vm-help.com/esx/esx3i
/customize_oem_tgz.php. Upload it to a datastore on your host with the VI client and then access the console and copy it to /bootbank and reboot.
Doesn't make sense, if you can do it, why can't I? It's like the inetd.conf is in read only mode but I'm logging in as root :( If I press backspace twice it turns all the script into caps which I
thought was weird. Annoyed at why this is so difficult and it shold be enabled by default!! :)
Ok I figured it out. You might want to add in your How-To to hit the INSERT button to make changes to the file once opened. Then INSERT again to go back to normal, then you can
:wq and kill the process. All working now, thanks :)
Oops maybe I should learn to read better :) Insert was alrady there, my bad.
Hi all,
I installed ESXi 3.5 U4 and ssh doesn't work. My other "server" works fine with 3.5 U2. But not U4!!! Any ideas?
once Inside vi editor, i can delete the # but when i hit esc key, it does not work ????
So when you hit ESC can you then enter the text :wq? See a guide for VI here - http://www.eng.hawaii.edu/Tutor/vi.html
Excellent tips on ssh - thanks very much. Worked fine on ESX 3i U4. Lots of good things to play with inside there -;)
once you restart SSH service, how to you exit CLI and get back to the ESXi management screen?1
I had similar problem with ESX. Could connect from Linux (SuSE, RHEL), but no connection from XP
Now it works. :)
5 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hi there
I did what uousaid but after /sbin/services.sh restart the service is not there as well as the machine is not listening on port 22.
I know that the problem will go after the reboot but this is a production machine so It's to much pain and risk to switch them all off.
The other problem is that I dont' know how to go back to the Administation Console.
Please advice.
Regards
Peter
ALT+F2 will get you back to the DCUI. Did you try the kill command as service.sh only worked for ESXi 3.5 Update 2 and earlier.
I'm replying to a quote made by Nathan on 1-26-2009 in which he states the following: Steve, your root access via putty/ssh may be locked down in the ssh config file. Go back into the
unsupported shell and run "vi /etc/ssh/sshd_config". Find the line under the Authentication section that says "PermitRootLogin no", press Insert and change "no" to "yes". Press ESC and
type ":wq". Reboot the ESXi server again and you should be ok. By default the root account is locked out of remote connections for security reasons. Hope that helps.
You don't have to reboot the ESX server, all you have to do is type /sbin/services.sh restart and that will restart the service which will then enable you to use SSH.
Has anyone been able to change the dropbear ssh port? Or maybe install their own sshd onto the busybox setup?
I haven't tried it with 3.5 but with 4.0 you can use the directions here - http://www.vm-help.com/esx40i/ESXi_enable_SSH.php.
What's the correct argument to dropbearmulti so that it will only listen on the management interface? I would prefer not to enable SSHD for all interfaces.
You can use vim-cmd at the console. See some examples here- http://www.vm-help.com/esx40i/manage_without_VI_client_1.php
@Forrest - this should only be listening on vmkernel ports. For a vswitch with only VMs (and only a virtual machine portgroup) SSH should not be available.
Thanks, Dave! All of your work is invaluable to running ESXi outside of the somewhat limited scope of "offically" supported hardware.
Fantastic. Didn't realise that you could type unsupported to gain console access. Next time we'll either RTFM or come back to you!!
Thanks!!!
hi guys.
i have a problem.
My initd.conf is empty ??
Did you get the spelling OK for the file --> vi /etc/inetd.conf
Ps! I didn't reboot the host. I hope not having any surpprise later.
6 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
To restart inetd, you can make life a lot easier by doing this one-liner:
Very usefull article. I'm using ESXi4 an can now access via SSH. Many Thanks!
Thank you!
Thanks!!!
Brilliant set of articles - thanks! This is just the kind of site we NEED!!!!!
I have a couple of old (cheap) D530's with IDE HDDs which have got ESX 3i running on them thanks to your IDE fix!!!
So I am a happy bunny!
Want to add some more network cards which lspci recognises but ESX 3i does not.
Me being lazy and not wanting to reinvent the wheel - has anyone added the latest oem.tgz to a ESX 3i distribution and published that CD distribution. Not sure if this is possible as it
may infringe VM Ware copyright rules??
The alternative is for me to spend a couple of nights hacking at one of my D530 boxes....
Thanks RayB
I am just going to download - CommunityUnifiedDriverPack_v1.1.0_U3-123629.oem.gz and play with that - I am assuming that is the best thing to do?
RayB
Assuming you don't plan to upgrade the D530s to ESXi 4 or higher the community pack should be fine.
I have had a look at the XXXoem.tg and XXXoem.tgz archives in the area - http://www.vm-help.com/esx/esx3i/Custom_oem.tgz/
I have looked at the simple.map files within these archives and cannot find the ID of my NIC - it is a 3com with an ID from lspci -v of 10b7,9001
I believe this means that there are no drivers for this card in the area - ..esx3i/Custom_oem.tgz/ so I will need to produce my own oem.tgz file. Is this correct please??
Thanks RayB
Ray, if you can't find a specific oem.tgz file that covers that PCI id then you would have to compile something yourself (or add another NIC).
7 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hi everyone, I was able to enable users with the ability to SSH without to much of a hassle.
vi /etc/inetd.conf (enabled the ssh line and had to add a -w) at the end
made a /home directory and folders for users that had accounts on the machine that I wanted to enable SSH.
The only issue I'm having is that I cannot enable root to SSH into the machine - and I need to enable this. I've read about editing /etc/ssh/ssh_conf but that file does not exist and neither
does the folder /etc/ssh.
Jonathan, what changes did you make with inetd.conf? root access will work by default if you just remove the # so if you have changed anything else that is likely the cause. etc/ssh
/ssh_conf doesn't exist with ESXi.
Hey Guys,
Currently we are deploying all our linux os's (including all ESXi versions) via PXE. However, I haven't been able to find any documentation on enabling ssh during installation or
automating the installation process to not require user intervention. Can you guys point me to some docs? I was able to find a post (on a cycling forum surprisingly) that eludes to the
possibility of creating another tarball and adding scripts to be run during/after the installation, but I haven't been able to get this to work (first issue being to get the install to even call the
newly created tarball). I'm on a team that supports a test lab, so I am looking to be able to automate the ESXi install process from start to finish allowing remote users to reimage a
machine to esxi and be able to access it via ssh without any user intervention. Any/all assistance is appreciated, and I apologize if either of these subjects were covered already. I thought
I had read the entire post, but if I missed it kindly kick me in the right direction. Also, thanks for all the help that you've provided as you are helping lots of users and that is always
commendable, but sometimes goes unthanked/unrecognized. Keep up the good work.
Hi Josh, I'll send you an email about this or you can post the question in the forum - http://www.vm-help.com/forum/.
nice work
=]
Hi Everyone, I have tried starting my vm using 'vim-cmd vmsvc/power.on 16' although I get the following.
Powering on VM:
(vim.fault.LicenseExpired) {
dynamicType = ,
faultMessage = (vmodl.LocalizableMessage) [
(vmodl.LocalizableMessage) {
dynamicType = ,
key = "com.vmware.vim.license.error.evalPeriodOver",
arg = (vmodl.KeyAnyValue) [
(vmodl.KeyAnyValue) {
dynamicType = ,
key = "info",
value = "notinstalled",
],
],
licenseKey = "00000-00000-00000-00000-00000",
I am running VMware ESXi 4.0.0 Update 1. Is there a was I can start my vms without having to purchase VSPhere which only runs on windows anyway (I'm on Mac)
Thanks
8 di 9 10/12/2010 17.09
ESXi (ESX 3i) Enable SSH http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php
Hi everyone, I found my registration key online and then updated using the command vim-cmd vimsvc/license --set MM48J-xxxx-xxxxx-....
So everything works!
Thanks
Hi
thanks
Saludos...
ADD YOUR COMMENT - IF YOU HAVE A QUESTION PLEASE USE THE FORUM
Name (required)
Comment (required)
9 di 9 10/12/2010 17.09