Knowledge Base

Since ESX 3.0, for increased security, SSH is disabled by default for the root account on an ESX host. That is, the actual sshd service does not allow root logins. Non-root users are able to login with SSH. This is another layer of protection in addition to the host firewall.

To enable root login for SSH and SCP clients:

1. If you have physical access to the ESX host, login to the console of your ESX host as the root user.

   If you can only connect to the ESX host over the network, connect using an SSH client (such as PuTTY) and log in as a user other than root. After you are logged in, switch to the root user with the following command:

   su -

   Note: If you do not have any other users on the ESX host, you can create a new user by connecting directly to the ESX host with VMware Infrastructure (VI) or vSphere Client. Go to the Users & Groups tab, right-click on the Users list and select Add to open the Add New User dialog. Ensure the Grant shell access to this user option is selected.
   
   
2. Edit the configuration file for SSH with the following command:
   
   nano /etc/ssh/sshd_config
   
   
3. Find the line that starts with PermitRootLogin and change the no to yes. You can find this line about 2 pages down from the top. Save the file by first pressing Ctrl-O and then Enter. Exit with Ctrl-X.
   
   
4. Restart the sshd service with the following command:
   
   service sshd restart