While connecting to ESXi hosts via ssh, you may encounter the following error.
ssh: connect to host 192.168.0.10 port 22: Connection refused
SSH is disabled on all ESXi hosts to lessen the security risk starting with VCF 4.4. If an external SSH dependency exists on ESXi hosts, the techniques below can be used to enable SSH on those hosts.
During several operations on ESXi hosts, such as bring up, host commission, adding a host to a cluster, forming a cluster, creating VI domain, upgrading, and so on, SSH is disabled.
If you want to enable SSH for all hosts in all domains, run the following command as root in the SDDC Manager:
/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name ALL
To enable SSH for all the hosts for a specific domain (e.g. domain1):
/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name domain1
To enable SSH for a specific host:
- In a web browser, log in to the ESXi host using the VMware Host Client.
- In the navigation pane, click Manage and click the Services tab.
- Select the TSM-SSH service and click Start.
For Bringup, login as root user in the cloud builder VM and replace:
feature.vcf.esxi.ssh.disable=true by feature.vcf.esxi.ssh.disable=false
in /opt/vmware/bringup/webapps/bringup-app/conf/feature.properties and restart the bringup service:
systemctl restart vcf-bringup.service
For any other workflows, login as vcf user in the SDDC Manager VM and create or update the file named /home/vcf/feature.properties containing “feature.vcf.esxi.ssh.disable=false” E.g.:
echo 'feature.vcf.esxi.ssh.disable=false' >> /home/vcf/feature.properties chmod a+r /home/vcf/feature.properties
After creating the above file, log in to SDDC manager as root user and restart all the services with the following command: