October 5, 2011 Leave a comment
This post explains how to enable root SSH access on an VMware ESX host over the network, when you don’t have physical access to the server console. Root SSH access is disabled by default. Before enabling root SSH access please assess any security implications of this action in your environment.
Firstly, use the vSphere client to access the host directly. i.e. connect directly to the IP address or hostname of the host rather than logging in to vCenter. Log in using the root account. Once logged in highlight the ESX host in the left pane of the screen, and then click on the local users and groups tab in the right hand pane of the screen, as shown below:
Right click anywhere in the list of users and choose ‘Add’. Enter the details for your new user account as shown below, making sure that you tick the ‘Grant shell access to this user’ check box. You will also need to specify a password of more than 8 characters:
You can use an SSH client like Putty to connect to your ESX host. You may find that when you initally try to connect to the ESX host via SSH that you are still unable to connect and recieve an ‘Access Denied’ message. If this is the case, you need to give Administrator access to the host to your newly created user. In the vSphere client click on the ‘Permissions’ tab, in the right hand pane of the screen as shown here:
Right click in the list of users and choose ‘Add Permission’. Select the user you created and assign Administrator permissions, as shown:
Now you should find you can use your SSH client client to successfully log in to the ESX host. Once you are logged in using this user account you can use the su command to elevate your privileges to the root user.
Now you have root access edit the /etc/ssh/sshd_config file by issuing the following command:
Find the line in the file which says:
and change it to:
Press Ctrl-O, and then press Enter to save the file, and then press Ctrl-X to exit the file. Restart the sshd service by issuing the following command:
Quit your SSH session and start a new one , this time logging in as the root user. Root SSH access is now enabled.
You may want to delete the user account (in this example ‘testuser’) you created earlier at this stage, as it is no longer required.