Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Enabling root SSH login on an ESX host (8375637)

Solution

Since ESX 3.0, for increased security, SSH is disabled by default for the root account on an ESX host. That is, the actual sshd service does not allow root logins. Non-root users are able to login with SSH. This is another layer of protection in addition to the host firewall.

Note: Each SSH connection to an ESX host uses additional Service Console resources. Use caution when using scripts or third party software that create multiple SSH sessions to the ESX Service Console. Excessive use of SSH on an ESX machine may cause the service console to exhibit symptoms of memory exhaustion.

To enable root login for SSH and SCP clients:

  1. If you have physical access to the ESX host, login to the console of your ESX host as the root user. If you can only connect to the ESX host over the network, connect using an SSH client (such as PuTTY) and log in as a user other than root.

    To create a user in ESX host for using a SSH client:

    1. Log in to the vSphere Client as a root user.
    2. Click Users & Groups.
    3. Right-click on a blank area and click Add.
    4. Enter a username and password. Confirm your password.

      Note: Starting in ESX 4.0, the password needs to be at least 8 characters in length.

    5. Select Grant shell access to this user.
    6. Select root group from the dropdown and click Add > OK.

      Note: By default it assigns to the users group and does not allow SSH access.

  2. After you are logged in SSH session, switch to the root user with the command:

    su -

    Note: If you do not have any other users on the ESX host, you can create a new user by connecting directly to the ESX host with VMware Infrastructure (VI) or vSphere Client. Go to the Users & Groups tab, right-click on the Users list and select Add to open the Add New User dialog. Ensure that the Grant shell access to this user option is selected. These options are only available when connecting to the ESX host directly. They are not available if connecting to vCenter Server.

  3. Edit the configuration file for SSH with the command:

    nano /etc/ssh/sshd_config

  4. Find the line that starts with PermitRootLogin and change the no to yes. You can find this line about 2 pages down from the top.
  5. Save the file by first pressing Ctrl-O and then Enter.
  6. Exit with Ctrl-X.
  7. Restart the sshd service with the command:

    service sshd restart

    Note: Alternatively, use the command:

    /etc/init.d/sshd restart
Note: For similar information when using ESXi, see Tech Support Mode for Emergency Support (1003677) and Using Tech Support Mode in ESXi 4.1 and ESXi 5.0 (1017910). To enable SSH access for local user accounts created on ESX/ESXi 4.1, see Local or Active Directory Domain users on ESX and ESXi 4.1 systems cannot log in (1024235).
 
For translated versions of this article, see:

Tags

enable-ssh esx ssh-disabled-default-root-account

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 157 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 157 Ratings
Actions
KB: