Remote access to ESXi hosts is a must for maintaining and managing a VMware environment. Accessing ESXi shell is possible via SSH, for example, by using PuTTy as a Secure Shell client. However, this option is disabled by default to avoid security threats, such as brute force attacks.
Enabling SSH on VMware ESXi hosts is a straightforward task. You can complete this process in a few ways.
This guide will show you how to enable SSH on an ESXi server using Direct Console UI and vSphere Web Client. The steps work on version 6 and above.
- SSH client on the remote machine
- Root access to the ESXi host
- Admin account for the vSphere Web Client
How to Enable SSH on ESXi (3 methods)
If you receive the "Connection refused" error when trying to connect to your ESXi host, then SSH is disabled.
Choose a method and follow the steps below to enable SSH on ESXi.
Note: If you are a Bare Metal Cloud user, follow the DCUI or the vSphere Host method, as vCenter is not supported at the moment.
Method 1: Enable SSH on ESXi via DCUI (Direct Console User Interface)
To enable SSH access on an ESXi server using DCUI, follow these steps:
1. Load the DCUI screen and press F2 to log in. For example, Bare Metal Cloud customers use the Remote Console via the BMC portal.
2. Enter the root password.
For phoenixNAP BMC servers, the root password appeared when you deployed your ESXi server.
The System Customization menu loads.
3. Navigate to Troubleshooting Options and hit Enter.
4. Navigate to Enable SSH and press Enter to enable the service.
When you enable SSH, the option in the menu changes and lets you know the service is enabled:
Use the ESC key to go back to the DCUI main menu.
Note: There is a timeout set for your session. Make sure to edit the settings before the session exits to avoid multiple logins. Use the Modify DCUI Idle timeout option to increase the value.
Method 2: Enable SSH on ESXi Host via vSphere Web Client
This method uses the vSphere Web UI to log in to the ESXi host and enable SSH.
1. Select Manage in the navigator pane.
2. Click the Services tab on the right side.
3. Select the TSM-SSH entry on the list. The service status shows Stopped. (TSM stands for Tech Support Mode).
4. Click Start to start the SSH service.
Alternatively, you can enable SSH by selecting Host in the left navigator pane. Then:
1. Click Actions.
2. Select Services.
3. Click Enable Secure Shell (SSH)
Note: When your VMware host restarts, SSH disables automatically. This setting is the default behavior. Follow the steps below to enable SSH automatically after restart.
To start SSH after ESXi host restart:
1. Select the TSM-SSH entry on the list.
2. Click Actions - > Policy.
3. Choose Start and stop with host, and the SSH service will activate after every host restart.
Method 3: Enable SSH on ESXi via vCenter
Non-BMC users can utilize the Web Client to log in to the vCenter instance and enable SSH.
Once you log in, select the host and:
1. Navigate to the Configure tab.
2. Scroll down and select Security Profile under the System section.
3. Locate the Services section and click the Edit button.
4. Locate and click the SSH entry on the list. Click Start to enable SSH.
If needed, you can edit the startup policy for the SSH service.
Test SSH ESXi Connection
Finally, when you enable SSH, open the SSH client and try to connect to your SSH host. Use the root user and try to log in.
If the SSH service is enabled, you will not get the Connection refused error. Instead, you successfully log in to the ESXi host.
This guide showed you three options to enable SSH on ESXi. For Bare Metal Cloud users, either of the first two methods will work.
This process is straightforward but enables remote ESXi management, so caution should be at a high level. If you do not plan on using SSH for some time, you might want to disable the service following the same steps as when enabling it.
Read our article on how SSH works to learn more.