Changing default SSH configuration (1020530)



  • SSH connection to the ESX host is refused
  • This issue may occur when the source uses the Triple Data Encryption Algorithm (3DES)


This article provides steps to change the default SSH configuration.


ESX SSH security settings are designed to protect the data you transmit to the service console through SSH. If this configuration is too rigid for your needs, you can lower the security parameters.
Note: For more information about the security settings, see SSH Security in the Configuration Guide.
To change the default SSH configuration:
  1. Log on to the service console and acquire root privileges.
  2. Change to the /etc/ssh directory with the command:

    cd /etc/ssh

  3. Open the sshd_config file in a text editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  4. To allow remote root logon, change the line PermitRootLogin no to PermitRootLogin yes.
  5. To revert to the default SSH protocol (Version 1 and 2), comment out this line:

    Protocol 2

  6. To revert to the 3DES cipher and other ciphers, comment out this line: 

    Ciphers aes256-cbc,aes128-cbc

  7. To disable Secure FTP (SFTP) on SSH, comment out this line: 

    Subsystem ftp /usr/libexec/openssh/sftp-server

  8. Save your changes and close the file. 
  9. Restart the SSHD service with the command:

    service sshd restart
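
A check to run after this procedure, as an added example that is not part of the VMware article: it reports which of the three security directives from steps 4 to 6 no longer match the defaults the article names. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the ESX defaults named in this article.

# Print the value of the first active (uncommented) directive $2 in file $1.
# sshd uses the first value it obtains for a keyword; keywords are case-insensitive.
active_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Compare one directive with its expected default; print a finding if it differs.
check() {  # usage: check FILE KEYWORD EXPECTED
    actual=$(active_value "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "WEAKENED $2: found '${actual:-<not set>}', article default is '$3'"
    return 1
}

# Report every deviation; return 1 if at least one was found, 0 otherwise.
audit_sshd_config() {
    rc=0
    check "$1" PermitRootLogin no || rc=1
    check "$1" Protocol 2 || rc=1
    check "$1" Ciphers aes256-cbc,aes128-cbc || rc=1
    return "$rc"
}

# Constructed sample: a config after steps 4 and 6 of the procedure were applied.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
Protocol 2
PermitRootLogin yes
#Ciphers aes256-cbc,aes128-cbc
Subsystem ftp /usr/libexec/openssh/sftp-server
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "sshd_config deviates from the article's defaults"
rm -f "$sample"
```

On a host, call `audit_sshd_config /etc/ssh/sshd_config`; a return status of 1 means at least one of the three directives was relaxed.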
