
  1. Here’s a way that I found out:

    1. Add a new user from vSphere Client -> Host Machine -> Local Users and Groups
    2. Check the Grant shell access to this user tab
    3. Add required group memberships (I think sshd and root are needed)
    4. Right Click on the Host name and click Add Permission
    5. Click Add and select the newly created user. Now grant necessary privileges to this user and click OK.
    6. In the configuration tab for the host, click on Software->Security Profile.
    7. Click on Properties and Add the SSH Client access functionality.
    8. Now you are ready to ssh into the instance.

    • oSN! on November 13, 2010 at 6:45 pm

    Thank you for the time you saved me Alex. I didn’t notice this anywhere in the upgrading docs.

  2. Hello Kiran,

    As per your doc, you mentioned in step 3: Add required group memberships (I think sshd and root are needed)

    That way the user will be added to the root group, which is going to be a security breach.

    So, please be careful before adding to the root group.

    Thank you

    • vmexpert on March 3, 2011 at 10:51 am

    Thanks for sharing, ugly little change, big consequences… don’t really understand why they did this.

    I added the local user to ROOT group now, only way to keep ROOT from logging in remotely.

    • marcogh on May 24, 2011 at 11:31 am

    thanks for sharing!

    i solved the issue of having the users in the root group.

    that’s how:

    in the /etc/pam.d/sudo files, there’s the line:

    auth include system-auth

    so, opening the system-auth file we get:

    auth required /lib/security/$ISA/

    that means that access is controlled with the file /etc/security/access.conf

    the syntax in this file is:

    permission:user/group:origins (man access.conf)

    so we can put something like:


    in this file so now all users in the group wheel are accepted.

    now we can just add our users in the wheel group.

    hope that helps.

    • Utsav on June 9, 2011 at 10:06 pm

    Thanks for the article….this helps!

    So I have been looking further into it…
    We couldn’t log in because we check access.conf in our pam.d/sshd file…we had to add our “users” group to ESX permissions/role. Now the support people are able to log in.

    vimsh -n -e "vimsvc/auth/entity_permission_add vim.Folder:ha-folder-root 'users' true Admin true"
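
The comments above rely on /etc/security/access.conf (read by pam_access) to decide who may log in. The following is an added example, not code from the post or its commenters: a small auditor that evaluates rules with first-match semantics, so you can check whether root is refused remotely and whether a catch-all deny closes the file. The rule lines, user names and group memberships are constructed samples; origin matching is simplified to ALL, LOCAL and exact strings, and EXCEPT is rejected rather than modelled.

```python
# Added example: first-match evaluation of access.conf rules (pam_access).
# Rules, users and groups below are constructed samples, not from the page.
SAMPLE_ACCESS_CONF = """\
# permission : users/groups : origins
+ : root : LOCAL
+ : wheel : ALL
- : ALL : ALL
"""
SAMPLE_GROUPS = {"wheel": {"alice", "support1"}, "users": {"guest"}}

def parse_rules(text):
    """Parse rule lines into (permission, user_tokens, origin_tokens)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first two colons only, so origins may contain ':'.
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: expected permission:users:origins")
        who, origins = fields[1].split(), fields[2].split()
        if "EXCEPT" in who + origins:
            raise ValueError(f"line {lineno}: EXCEPT is not modelled here")
        rules.append((fields[0], who, origins))
    return rules

def user_matches(tok, user, groups):
    # A token may be ALL, a login name, or a group name (also "(group)").
    return tok in ("ALL", user) or user in groups.get(tok.strip("()"), ())

def origin_matches(tok, origin):
    # Simplification: origin None models a console login; others match exactly.
    if tok == "LOCAL":
        return origin is None
    return tok == "ALL" or tok == origin

def decide(rules, user, origin, groups):
    """First matching rule wins; if nothing matches, access is granted."""
    for perm, who, origins in rules:
        if any(user_matches(t, user, groups) for t in who) and any(
            origin_matches(t, origin) for t in origins
        ):
            return perm == "+"
    return True

def has_default_deny(rules):
    """True when the last rule is the catch-all '- : ALL : ALL'."""
    return bool(rules) and rules[-1] == ("-", ["ALL"], ["ALL"])
```

Because an unmatched login is granted, a file that only lists allow rules does not restrict anyone; has_default_deny flags that case.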
