Virtualization Pro

Apr 2 2009   5:58PM GMT

Creating an SSH user account on VMware ESX hosts

Eric Siebert Eric Siebert Profile: Eric Siebert

By default, ESX hosts do not allow you to log in to the Service Console using the root user account via SSH. This is done for security purposes as the root account should generally not be used because it is a superuser account. It is possible to enable this by changing a configuration file, but this is not recommended. An alternative to this is to create a separate user account on the ESX Service Console that you could use to connect to it using SSH, and than use the su command (grants root privileges to a user) to elevate your privileges. To do this, follow the below steps:

1. First, create an account on the ESX host. This can be done in two ways, either by using the service console command line or by using the VMware Infrastructure Client (VI Client). To create an account using the command line, log into the ESX host as the root account and then type the following commands:


useradd – creates the user account
passwd – sets the password for the user account
To create an account using the VI Client, you need to connect directly to the ESX host with the VI Client (not  vCenter Server) and log in is the root user. Next click on the Users & Groups tab, right-click inside the users pane and select Add. Enter a log-in name and password and check the Grant Shell Access To This User box. If you want to enter a descriptive name you can enter one in the username field; this name is not used for logging in. The UID field will automatically populate when you save the account. Once you are done, click the OK button and that’s it.

2. Now that we have our new account set up, we are ready to start using it. Let’s connect to the ESX host with a client like Veeam’s FastSCP, which allows you to elevate your privilege’s using su after you connect to a host. Run FastSCP and select Add a Server, enter the IP address of the server and select the ESX host option. At the Connection Settings screen enter the username/password for the new user that you created in the previous step. In the bottom section select the Elevate Account to Root option and enter the root user account password. At the Web Service credentials screen you can use the root user and password, as this is not used for connecting to SSH.

3. Once you connect to the host, you are using the user account you created earlier instead of the root account.

Please resist the urge to enable root SSH logins on your ESX hosts set up separate accounts for this purpose instead. It’s a security best practice to not use the root account for anything. Instead, use the su command or set up sudo; I’ll cover both methods in an upcoming tip on SearchVMware.com.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Slogmeister
    So, what version of ESX is this? Because it doesn't work on ESXi 4.0
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: