8 thoughts on “Service Console SSH access on ESX 4.1”

  1. Here’s a way that I found out:

    1. Add a new user from vSphere Client -> Host Machine -> Local Users and Groups
    2. Check the Grant shell access to this user tab
    3. Add required group memberships (I think sshd and root are needed)
    4. Right-click on the Host name and click Add Permission
    5. Click Add and select the newly created user. Now grant the necessary privileges to this user and click OK.
    6. In the configuration tab for the host, click on Software->Security Profile.
    7. Click on Properties and Add the SSH Client access functionality.
    8. Now you are ready to ssh into the instance.

  2. Hello Kiran,

    As mentioned in your doc at step 3, "Add required group memberships (I think sshd and root are needed)":

    This way the user will be added to the root group, which is going to be a security breach.

    So, please be careful before adding to the root group.

    Thank you

  3. Thanks for sharing, ugly little change, big consequences… don’t really understand why they did this.

    I added the local user to ROOT group now, only way to keep ROOT from logging in remotely.

  4. Thanks for sharing!

    I solved the issue of having the users in the root group.

    That's how:

    In the /etc/pam.d/sudo file, there's the line:

    auth include system-auth

    So, opening the system-auth file we get:

    auth required /lib/security/$ISA/pam_access.so

    That means that access is controlled with the file /etc/security/access.conf

    The syntax in this file is:

    permission:user/group:origins (man access.conf)

    So we can put something like:

    +:wheel:ALL

    in this file, so now all users in the group wheel are accepted.

    Now we can just add our users to the wheel group.

    Hope that helps.

  5. Thanks for the article….this helps!

    So I have been looking further into it…
    We couldn’t login because we check access.conf in our pam.d/sshd file…we had to add our “users” group to ESX permissions/role. Now the support people are able to login.

    vimsh -n -e "vimsvc/auth/entity_permission_add vim.Folder:ha-folder-root 'users' true Admin true"
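
The `permission:user/group:origins` format from comment 4 is evaluated first match wins, so where a line such as `+:wheel:ALL` sits relative to any deny line decides who gets in. The sketch below is an added example, not code from the post or its commenters; it models only `ALL`, `LOCAL`, `EXCEPT`, user/group names and literal origins, and the sample file and function names are constructed for illustration.

```python
# Added example: simplified model of pam_access rule evaluation.
# Assumptions: the first matching line decides, no match grants access, and
# only ALL, LOCAL, EXCEPT, user/group names and literal origins are modelled.

SAMPLE_CONF = """\
# constructed sample, not taken from a real host
+:root:LOCAL
+:wheel:ALL
-:ALL:ALL
"""


def match_list(tokens, test):
    """Match a token list, honouring the EXCEPT operator."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return match_list(tokens[:i], test) and not match_list(tokens[i + 1:], test)
    return any(test(t) for t in tokens)


def parse(conf_text):
    """Yield (line_no, permission, users, origins) for every rule line."""
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"line {no}: malformed rule {line!r}")
        yield no, parts[0], parts[1].split(), parts[2].split()


def decide(conf_text, user, groups, origin):
    """Return (allowed, line_no) from the first rule matching user and origin."""
    names = {user, *groups}

    def user_ok(tok):
        return tok == "ALL" or tok in names

    def origin_ok(tok):
        # LOCAL matches any origin string without a dot (a tty, not a host).
        return tok == "ALL" or tok == origin or (tok == "LOCAL" and "." not in origin)

    for no, perm, users, origins in parse(conf_text):
        if match_list(users, user_ok) and match_list(origins, origin_ok):
            return perm == "+", no
    return True, None  # no rule matched: pam_access lets the login through
```

With the sample file, a wheel member is accepted from any origin while root is accepted only from a local tty; moving `+:wheel:ALL` below `-:ALL:ALL` makes the allow line unreachable.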
