Thursday, November 15, 2012

Enable SSH on VMware ESXi 5.1

Sometimes you need to connect to an ESXi host and do some work over SSH. ESXi disables SSH by default, but it can be enabled at any time.

To enable SSH on VMware ESXi 5.1,
go to the menu “Customize System” / Troubleshooting Options,
then select Enable ESXi Shell and Enable SSH.

After changing the settings, I tried to connect to the ESXi host over ssh, but it failed.
In addition, a firewall rule needed to be configured.

Press Alt + F1 to enter terminal mode. (Press Alt + F2 to return to the menu.)

One option is to disable the whole firewall:
~ # esxcli network firewall set --enabled false
~ # esxcli network firewall get
  Default Action: DROP
  Enabled: false
  Loaded: true

Or configure only the firewall ruleset that contains the ssh rule. Below is what I did to modify this rule.

# List the firewall rulesets to see whether any of them is related to ssh.
~ # esxcli network firewall ruleset list
Name            Enable
-----------    ----------------
sshServer      false
....
....

# See detailed information about the rules in the ruleset "sshServer"
~ # esxcli network firewall ruleset rule list --ruleset-id=sshServer
Ruleset    Direction  Protocol  Port Type  Port Begin  Port End
---------  ---------  --------  ---------  ----------  --------
sshServer  Inbound    TCP       Dst                22        22

# Check which IP addresses are allowed to connect in via "sshServer"
~ # esxcli network firewall ruleset allowedip list --ruleset-id=sshServer
Ruleset        Allowed Ip Addresses
-----------   ----------------------
sshServer    All

sshServer allows all IP addresses, so I didn't need to add my IP address. If you want to add another IP, you should run the following command: 
~ # esxcli network firewall ruleset allowedip add --ruleset-id=ruleId --ip-address ip

I tried to connect to the ESXi host over ssh again, and it failed again.
The reason for the failure was that the ruleset "sshServer" was disabled; it has to be enabled.

# Enable the "sshServer" ruleset of the firewall
~ # esxcli network firewall ruleset set --enabled true --ruleset-id=sshServer

I was finally able to connect to the ESXi host.
$ ssh 192.168.20.162
~ #
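
The firewall checks above, combined into one audit script. This is an added example, not part of the original post. It classifies how reachable SSH is from the three esxcli outputs shown earlier and notes, as comments, how to narrow the ruleset to one source instead of disabling the firewall. The address 192.168.20.10 and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Parsers read esxcli output on
# stdin so they can be checked off-host with constructed samples.

# "true"/"false" from `esxcli network firewall get`.
firewall_enabled() {
    awk -F': *' '$1 ~ /^[ \t]*Enabled$/ { print $2; exit }'
}
# Second column for ruleset $1 from `esxcli network firewall ruleset list`.
ruleset_enabled() { awk -v r="$1" '$1 == r { print $2; exit }'; }
# Allowed sources for ruleset $1 from `... ruleset allowedip list`.
ruleset_allowed() {
    awk -v r="$1" '$1 == r { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# $1 = firewall enabled, $2 = sshServer enabled, $3 = allowed sources.
ssh_exposure() {
    if [ "$1" != "true" ]; then
        echo "OPEN: firewall disabled, host firewall filters nothing"
    elif [ "$2" != "true" ]; then
        echo "BLOCKED: sshServer ruleset disabled"
    elif [ "$3" = "All" ]; then
        echo "OPEN: sshServer allows any source address"
    else
        echo "RESTRICTED: sshServer allows only $3"
    fi
}
# Narrowing the ruleset (192.168.20.10 is a constructed management address):
#   esxcli network firewall ruleset set --ruleset-id=sshServer --allowed-all false
#   esxcli network firewall ruleset allowedip add --ruleset-id=sshServer --ip-address 192.168.20.10

# Constructed sample: firewall on, ruleset on, one allowed address.
sample_verdict() {
    fw=$(printf '  Default Action: DROP\n  Enabled: true\n' | firewall_enabled)
    en=$(printf 'Name  Enabled\nsshServer  true\n' | ruleset_enabled sshServer)
    ips=$(printf 'sshServer  192.168.20.10\n' | ruleset_allowed sshServer)
    ssh_exposure "$fw" "$en" "$ips"
}

if command -v esxcli >/dev/null 2>&1; then
    fw=$(esxcli network firewall get | firewall_enabled)
    en=$(esxcli network firewall ruleset list | ruleset_enabled sshServer)
    ips=$(esxcli network firewall ruleset allowedip list --ruleset-id=sshServer |
          ruleset_allowed sshServer)
    ssh_exposure "$fw" "$en" "$ips"
else
    sample_verdict
fi
```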


Added on 2012-11-22 --------------------------

How to list and power on VMs

There are two ways of listing the VMs on an ESXi host.
1) esxcli vm process list

~ # esxcli vm process list
NagiosSnmpTest
   World ID: 113823
   Process ID: 0
   ......
altibase
   World ID: 113830
   Process ID: 0
   ......

However, this command is incomplete, because it returns running VMs only.

2) vim-cmd vmsvc/getallvms
~ # vim-cmd vmsvc/getallvms
Vmid             Name            ......

1           CentOS6              ......
11         altibase                .....
12         NagiosSnmpTest   .....
5           swift-storage1      .....
6           DeploytempVM      ....

# Check the state of a VM
~ # vim-cmd vmsvc/power.getstate 5
Retrieved runtime info
Powered off

# Power on the VM
~ # vim-cmd vmsvc/power.on 5
Powering on VM:


# Verify the VM
~ # vim-cmd vmsvc/power.getstate 5
Retrieved runtime info
Powered on

# Power off the VM
~ # vim-cmd vmsvc/power.off 5
Powering off VM:


vim-cmd is more flexible and easier to use. It has various subcommands.
List the vim-cmd vmsvc subcommands:

~ # vim-cmd vmsvc
Commands available under vmsvc/:
acquiremksticket                 get.spaceNeededForConsolidation
acquireticket                    get.summary
connect                          get.tasklist
convert.toTemplate               getallvms
convert.toVm                     gethostconstraints
createdummyvm                    login
destroy                          logout
device.connection                message
device.connusbdev                power.getstate
device.disconnusbdev             power.hibernate
device.diskadd                   power.off
device.diskaddexisting           power.on
device.diskremove                power.reboot
device.getdevices                power.reset
device.toolsSyncSet              power.shutdown
device.vmiadd                    power.suspend
device.vmiremove                 power.suspendResume
devices.createnic                queryftcompat
get.capability                   reload
get.config                       setscreenres
get.config.cpuidmask             snapshot.create
get.configoption                 snapshot.dumpoption
get.datastores                   snapshot.get
get.disabledmethods              snapshot.remove
get.environment                  snapshot.removeall
get.filelayout                   snapshot.revert
get.filelayoutex                 snapshot.setoption
get.guest                        tools.cancelinstall
get.guestheartbeatStatus         tools.install
get.managedentitystatus          tools.upgrade
get.networks                     unregister
get.runtime                      upgrade
get.snapshotinfo
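
The getallvms and power.getstate commands above, combined into one inventory script. This is an added example, not part of the original post. It reports the power state of every registered VM, including the powered-off ones that `esxcli vm process list` leaves out. The File column, the datastore paths and the VM name with spaces in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the power state of every
# registered VM, including powered-off ones that `esxcli vm process list` omits.

# Reads `vim-cmd vmsvc/getallvms` output on stdin, prints "vmid<TAB>name".
# VM rows start with a numeric Vmid; the name ends where the "[datastore]"
# file column begins, so names containing spaces survive.
vm_rows() {
    awk '$1 ~ /^[0-9]+$/ {
        id = $1
        sub(/^[ \t]*[0-9]+[ \t]+/, "")
        sub(/[ \t]+\[.*$/, "")
        print id "\t" $0
    }'
}

# Reduces `vim-cmd vmsvc/power.getstate <id>` output to its state line.
power_state() { awk '/^Powered / { print; exit }'; }

# Reads vm_rows output; $1 names the command that fetches state for one id.
vm_report() {
    while IFS="$(printf '\t')" read -r id name; do
        state=$("$1" "$id" </dev/null | power_state)
        printf '%s\t%s\t%s\n' "$id" "$name" "${state:-unknown}"
    done
}

live_state() { vim-cmd vmsvc/power.getstate "$1"; }

# Constructed sample data so the parsing can be checked off-host.
sample_getallvms() {
    cat <<'EOF'
Vmid   Name             File                                 Guest OS
1      CentOS6          [datastore1] CentOS6/CentOS6.vmx     centos64Guest
5      swift-storage1   [datastore1] swift-storage1/s1.vmx   centos64Guest
12     Nagios Snmp Test [datastore1] Nagios/Nagios.vmx       centos64Guest
EOF
}
sample_state() {
    echo "Retrieved runtime info"
    if [ "$1" = 5 ]; then echo "Powered off"; else echo "Powered on"; fi
}

if command -v vim-cmd >/dev/null 2>&1; then
    vim-cmd vmsvc/getallvms | vm_rows | vm_report live_state
else
    sample_getallvms | vm_rows | vm_report sample_state
fi
```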


2 comments:

  1. esxcli network firewall ruleset --enabled true --ruleset-id=sshServer
    this doesn't work; ruleset-id=sshServer <--- is this right?
