Learn how to permanently enable SSH on ESXi Hosts. Our VMware Support team is here to help you with your questions and concerns.

Permanent SSH Access for ESXi Hosts: Configuration Guide

Enabling SSH access on ESXi hosts can be handy, especially in a controlled environment where security concerns are more relaxed.

.

VMware advises against keeping SSH enabled on production servers due to potential security risks. However, it can be an acceptable risk for a controlled environment.

Method 1: Using the VMware Web Interface

1. First, head to Host > Services > Enable Secure Shell (SSH) on the ESXi server.
2. Then, log in to the ESXi server using an SSH client.
3. Now, edit the file `/etc/rc.local.d/local.sh`and add this line:

   vim-cmd hostsvc/enable_ssh
4. Click save and exit the editor.

Now, every time the ESXi host reboots, SSH will be automatically enabled. The script `/etc/rc.local.d/local.sh` runs at startup and ensures the SSH service is turned on.

Method 2: Using PowerCLI

If we prefer using PowerCLI, open the PowerCLI console and run the following command:

Get-VMHost | Foreach { Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH" } ) }

This command enables SSH, but only until the next reboot. To check the status, connect to the host using the vSphere client, head to `Configuration > Security Profile > Properties`, and verify the SSH startup policy is set to `Start and stop manually`.

To make SSH persist across reboots, additional steps are required since the above method does not modify the startup behavior.

Here’s a better solution using PowerCLI and Plink:

1. Download `plink.exe` to the host where you run PowerCLI.
2. Then, enable SSH on the ESXi host as mentioned earlier.
3. Next, define a function to run remote commands via SSH:

   Function plink($plinkLoc, $esxHost, $esxUser, $esxPass, $remoteCommand) {
$command = $plinkLoc + " -pw " + $esxPass + " " + $esxUser + "@" + $esxHost
Invoke-Expression -Command "echo y | $command exit" | Out-Null
$command += ' "' + $remoteCommand + '; sleep 1; exit"'
$t = Invoke-Expression -Command $command
Return $t
}

4. Then, run the function with the correct parameters to enable persistent SSH:

   plink 'C:\Users\Administrator\Downloads\plink.exe' 'esx01' 'root' 'password' `
'vim-cmd hostsvc/enable_remote_tsm; /sbin/services.sh restart'

5. Finally, confirm SSH is configured to start automatically by checking the vSphere client.

With these methods, we can make sure that SSH access remains enabled on the ESXi hosts even after reboots.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

In brief, our Support Experts demonstrated how to permanently enable SSH on ESXi Hosts.