Remote access to the command prompt (server console) via SSH is disabled by default on VMware ESXi hosts. So, when connecting to an ESXi host over SSH, you will get the error: ssh: connect to host 192.168.50.13 port 22: Connection refused. In this article, we’ll cover all the ways to enable SSH access on VMware ESXi hosts.
Enable SSH Access via DCUI Console on ESXi
You can enable SSH on your VMware ESXi host through the server’s DCUI (Direct Console User Interface). For this:
- Press F2 on the DCUI logon screen and enter the root password;
- Go to System Customization -> Troubleshooting Options, select Enable SSH, and press Enter.
Try to connect to your ESXi host remotely using any SSH client (I’m using the built-in Windows SSH client):
- Install updates on your ESXi host
- Check and upgrade the VM hardware version
- Force restart a virtual machine that is not responding
- Recover an accidentally deleted VMFS datastore or expand it
- Configure an SNMP agent on ESXi
- Configure an iSCSI LUN on a VMware ESXi server or check if it is available
- Reduce VMware virtual machine disk size
After you have done everything you wanted in the ESXi console, it is recommended to stop the SSH service
How to Enable SSH on ESXi from the vSphere Web Client?
You can enable SSH through the vSphere Client web interface.
If you are using a standalone ESXi host (or a free VMware Hypervisor), connect to its web interface: https://192.168.50.13/ui/#/host.
- Go to Manage -> Services;
- Select TSM-SSH in the list of services and click Start;
- By default, the SSH service on an ESXi host is started and stopped manually. You can configure the SSH service to start automatically by clicking Actions -> Policy -> Start and stop with host.
To enable SSH on the ESXi host connected to vCenter:
- Find the host in the Inventory list;
- Go to Configure -> Services;
- Find the SSH service in the list and enable it by clicking Start.
Note that there is the Firewall tab in the host settings Here you can set a list of IP addresses that are allowed to connect to the ESXi host via SSH (the list is unlimited by default).
Enabling SSH on VMware ESXi with PowerShell
You can enable an SSH server on your ESXi host using PowerShell cmdlets from the VMware PowerCLI module. Suppose that the module is already installed on your computer (if not, install it using Install-Module -Name Vmware.PowerCLI command).
To connect to an ESXi host or a vCenter server, run the command below:
Connect-VIServer <vCenter_or_ESXi_host_FQDN>
Set-PowerCLIConfiguration -Scope AllUsers -InvalidCertificateAction Warn
List all ESXi hosts connected to this vCenter server and the states of the SSH service on them:
Get-VMHost| Get-VMHostService | Where Key -EQ "TSM-SSH" | Select VMHost, Key, Running, Policy
To start SSH on a specific ESXi host, run the following command:
Get-VMHostService -VMHost mun-esxi1 | Where-Object {$_.Key -eq "TSM-SSH" } | Start-VMHostService
If the LockDown mode is enabled on the ESXi host, you can disable it as follows:
(Get-VMHost mun-esxi1 |get-view).ExitLockdownMode()
To enable the LockDown mode:
(Get-VMHost mun-esxi1 |get-view).EnterLockdownMode()
To stop the SSH service on all hosts at once, use the PowerShell command below:
Get-VMHost | Foreach { Stop-VMHostService -confirm:$false -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}
To suppress SSH login warnings on all ESXi hosts:
Get-VMHost | Get-AdvancedSetting UserVars.SuppressShellWarning |Set-AdvancedSetting -Value 1
Remember to close your PowerShell session correctly:
Disconnect-VIServer * -confirm:$false
1 comment
Super Helpful, Was the only website i could find for help with our ESXi problems.