Home / Enable SSH on ESXi Hosts in VCF

Enable SSH on ESXi Hosts in VCF

vSphere esxi

While connecting to ESXi hosts via ssh, you may encounter the following error.

ssh: connect to host 192.168.0.10 port 22: Connection refused

SSH is disabled on all ESXi hosts to lessen the security risk starting with VCF 4.4. If an external SSH dependency exists on ESXi hosts, the techniques below can be used to enable SSH on those hosts.

During several operations on ESXi hosts, such as bring up, host commission, adding a host to a cluster, forming a cluster, creating VI domain, upgrading, and so on, SSH is disabled.

If you want to enable SSH for all hosts in all domains, run the following command as root in the SDDC Manager:

/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name ALL

To enable SSH for all the hosts for a specific domain (e.g. domain1):

/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name domain1

To enable SSH for a specific host:

  • In a web browser, log in to the ESXi host using the VMware Host Client.
  • In the navigation pane, click Manage and click the Services tab.
  • Select the TSM-SSH service and click Start.

For Bringup, login as root user in the cloud builder VM and replace:

feature.vcf.esxi.ssh.disable=true
by
feature.vcf.esxi.ssh.disable=false

in /opt/vmware/bringup/webapps/bringup-app/conf/feature.properties and restart the bringup service:

systemctl restart vcf-bringup.service

For any other workflows, login as vcf user in the SDDC Manager VM and create or update the file named /home/vcf/feature.properties containing “feature.vcf.esxi.ssh.disable=false” E.g.:

echo 'feature.vcf.esxi.ssh.disable=false' >> /home/vcf/feature.properties
chmod a+r /home/vcf/feature.properties

After creating the above file, log in to SDDC manager as root user and restart all the services with the following command:

/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh

Leave a Reply