How to Enable SSH and Shell Services on VMware ESXi – Step-by-Step Guide
Why Enable SSH and ESXi Shell?
By default, VMware ESXi has SSH and Shell services disabled for security reasons. However, enabling them is essential for:
- Advanced troubleshooting (logs, storage, networking)
- Running esxcli and vim-cmd commands
- Performing manual datastore management
- Automating tasks using remote scripts
This guide covers three methods to enable the SSH and Shell services on VMware ESXi and demonstrates how to log in to ESXi using SSH client software.
Remote access to the ESXi host is necessary for maintaining and managing the VMware environment. You can access the ESXi shell through an SSH (Secure Shell) client such as PuTTY. The ESXi Shell corresponds to the Technical Support Mode (TSM) service, and SSH corresponds to the TSM-SSH service. In a production environment, keep the SSH (TSM-SSH) and ESXi Shell (TSM) services disabled. Enable these services only when you must access the command line to troubleshoot problems, and disable them again after troubleshooting.
First, through the ESXi host client (VMware Host Client)
Method 1:
Step 1, Access the management IP address or domain name of the ESXi host, and enter the ESXi account and password as prompted to log in to the host client (VMware Host Client).
Step 2, In the ESXi host client interface, select "Navigator"->"Host"->"Manage"->"Services", scroll down to view the service list, and find the TSM (ESXi Shell) and TSM-SSH (SSH) services.
Step 3, Select "TSM (ESXi Shell)", and then click "Start".
Step 4, Confirm that the status of the TSM service is "Running", which means ESXi Shell has started successfully.
Step 5, Select "TSM-SSH (SSH)", and then click "Start".
Step 6, Confirm that the status of the TSM-SSH service is "Running", which means SSH is successfully enabled.
Note: When the ESXi host restarts, SSH/Shell will be automatically disabled. This is the default policy. You can modify the policy to start and stop with the host, as shown in the figure below.
Method 2:
Step 1, Access the management IP address or domain name of the ESXi host, and enter the account password to log in to the host client (VMware Host Client) as prompted.
Step 2, In the host client interface, select "Navigator"->"Host"->"Actions"->"Services"->"Enable Secure Shell (SSH)".
Step 3, Confirm that SSH is enabled.
Step 4, In the host client interface, select "Navigator"->"Host"->"Actions"->"Services"->"Enable Console Shell".
Step 5, Confirm that Shell is enabled.
Second, through the ESXi host's terminal console (DCUI) interface
Step 1, In the ESXi host Direct Console User Interface (DCUI), press the F2 key to enter the "System Customization" menu.
Step 2, Enter the root account password as prompted, and press the Enter key to log in.
Step 3, In the "System Customization" interface, select "Troubleshooting Options", and then press the Enter key.
Step 4, In "Troubleshooting Options", select "Enable ESXi Shell". On the right side you can see "ESXi Shell is Disabled", confirming that the Shell is currently disabled. Press Enter to enable the Shell.
Step 5, The right side now shows "ESXi Shell is Enabled", confirming that the Shell has been enabled.
Step 6, Select "Enable SSH", and press Enter to enable SSH.
Step 7, The right side now shows "SSH is Enabled", confirming that SSH has been enabled.
Third, through vCenter's vSphere Client
Step 1, Access the vCenter Server's management IP address (vSphere Client) and log in with your account and password as prompted.
Step 2, In the vSphere Client interface, select Host->Configuration->System->Services, find SSH and ESXi Shell, confirm that their current status is stopped, and then click Start.
Step 3, Confirm that the status of the ESXi Shell and SSH services is Running, which means they started successfully.
Log in to ESXi using SSH client software
Step 1, Open the SSH client software (e.g., PuTTY), enter the ESXi host's domain name or IP address, and then click "Open".
Note: The first login displays a host key trust warning. Click Accept to trust the host key.
Step 2, Enter the ESXi host's account and password to log in.
Step 3, You can now enter commands, for example vmware -vl to view the current ESXi version:
vmware -vl
Security Best Practices
- Disable SSH when not in use.
- Use firewall rules to restrict access.
- Prefer vSphere CLI or PowerCLI for routine tasks.
- Regularly monitor /var/log/auth.log for suspicious login attempts.
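The auth.log review recommended above can be scripted. The following is an added example, not part of the original post: it assumes OpenSSH-style sshd messages, and the sample log lines, IP addresses, function name, allowlist and threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on OpenSSH sshd messages. The prefix before
# "sshd[...]" differs between ESXi versions, so only the message text is matched.
SAMPLE_LOG = """\
2024-03-01T09:14:02Z sshd[2101001]: Connection from 198.51.100.23 port 50112
2024-03-01T09:14:05Z sshd[2101001]: error: PAM: Authentication failure for root from 198.51.100.23
2024-03-01T09:14:09Z sshd[2101001]: error: PAM: Authentication failure for root from 198.51.100.23
2024-03-01T09:14:13Z sshd[2101002]: Failed password for invalid user admin from 198.51.100.23 port 50120 ssh2
2024-03-01T09:20:41Z sshd[2101010]: Accepted keyboard-interactive/pam for root from 192.0.2.10 port 61022 ssh2
2024-03-01T09:31:07Z sshd[2101015]: error: PAM: Authentication failure for root from 192.0.2.10
2024-03-01T11:02:55Z sshd[2101020]: Accepted password for root from 203.0.113.77 port 40211 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: .*(?:Authentication failure|Failed \S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+)"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>[0-9a-fA-F:.]+)"
)

def review_auth_log(text, admin_sources, threshold=3):
    """Return (kind, source_ip, detail) findings, sorted for stable output."""
    failures = Counter()
    logins = []
    for line in text.splitlines():
        failed = FAILED.search(line)
        if failed:
            failures[failed.group("ip")] += 1
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            logins.append((accepted.group("ip"), accepted.group("user")))
    findings = [("repeated-failures", ip, n) for ip, n in failures.items() if n >= threshold]
    # A successful login from outside the admin allowlist means SSH is reachable
    # from somewhere the firewall rules should exclude.
    findings += [("login-from-unlisted-source", ip, user)
                 for ip, user in logins if ip not in admin_sources]
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for finding in review_auth_log(SAMPLE_LOG, admin_sources={"192.0.2.10"}):
        print(finding)
```

Pass the set of management workstation addresses permitted by your SSH firewall rules as admin_sources, so the script and the firewall policy are checked against the same list.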