Home > IT Blogs > Virtualization Pro: A SearchVMware.com blog > How to allow the root user to login to VMware ESX Server with SSH
>>VIEW ALL POSTS  

Virtualization Pro: A SearchVMware.com blog

« Why VMware ESX/VI3 will stay best in production and price, even after Viridian
Revisiting the VI3 SDK? Visit this link first! »
Nov 5 2007   9:10PM GMT

How to allow the root user to login to VMware ESX Server with SSH



Posted by: David Davis
Virtualization, VMware ESX

Let’s say that you just installed a new VMware ESX server. You tried to add SSH to it and login as root. What happened?

It didn’t work, did it?

The firewall allows it, right? (yes) You can login to the physical server console with the same username & password, right? (yes) But it still doesn’t work, does it?

Let’s find out how to fix it….

To allow the root user to login to a VMware ESX Server over the network using SSH, do the following:

  1. Go to the service console on the physical server & login
  2. vi /etc/ssh/sshd_config
  3. Change the line that says PermitRootLogin from “no” to “yes”
  4. do service sshd restart

And your problem is solved…

No need to thank me, just subscribe to our Virtualization Pro blog instead! :)

David Davis, VCP, CCIE

Personal Website: HappyRouter.com
VMware Videos by David Davis:
VMware Server & Workstation
VMware ESX Server

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Rick Vanover  |   Nov 6 2007   8:14PM GMT

This also enables SFTP - you can use your FTP client that supports file transfer over SSH to move stuff to the filesystem of the ESX server.


 

Davis420  |   Nov 6 2007   8:16PM GMT

Very true - Great point - Thanks Rick!

-David


 

Slowe  |   Nov 9 2007   8:39PM GMT

David,

I’m sure it goes without saying that allowing root logins via SSH is not considered a security best practice, but this is helpful information for users not familiar with SSH configuration. Over the long term, I imagine you would agree that users should create non-privileged accounts to use with SSH, then use su or sudo once they have logged into the console.


 

Davis420  |   Nov 9 2007   8:56PM GMT

Hi SLowe,

I completely agree - the proper way is to login as yourself then su to root. Great point!

Thanks for the comment,
David


 

ESX 3i is rocking it on the skinny — Server Virtualization Blog  |   Nov 13 2007   11:27PM GMT

[…] This, of course, is excepted when VMWare documentation gives Linux commands to perform tasks, David Davis’ recent blog on enabling SSH and SFTP on ESX is a good example.  By removing that layer, the ESX product is more aligned to what it needs to do […]


 

MarcB  |   Nov 14 2007   7:11PM GMT

Hi David,
I am giving training on ESX and I have found RootAccess from Veeam.com to be a compromise (sort of speak). It is an easy, free and light Windows tool and it can toggle PermitRootLogin if necessary but mostly it eases the creation of users. My students now have no excuse to maintain good audit pratices.


 

Embed SSH connections to ESX with console plug-in - Virtualization Pro: A SearchVMware.com blog  |   Feb 28 2008   10:58PM GMT

[…] Installing the console plug-in is straight forward from the ConsoleClientSetup-0.1.5.msi and it is easily added from the plug-ins menu in the VIC. Once added, each ESX host in your inventory will have a new tab called Console that performs in a similar fashion that the Console tab does for virtual machines. The difference is that authentication to the ESX host is passed through the plug-in. This requires that SSH be enabled on the ESX host, and should you wish to use the root login there is a slight configuration to enable root SSH access which is explained here on the ITKE by David Davis. […]