In some cases, you may need to enable SSH on ESXi. Some of the most common use cases are to use performance tools like esxtop or to edit host configuration. There are two simple ways to do this, depending on how you are managing your ESXi hosts. You can enable SSH through vCenter using the vSphere Client or through the VMware ESXi client for standalone hosts not using vCenter.
CAUTION: Enabling SSH on your ESXi hosts is a security risk. It should be IMMEDIATELY disabled once you have finished your activities.
Enabling SSH on ESXi through vCenter
Below are the steps you need to follow to enable SSH on ESXi.
Start by logging into vCenter server.
- Click the host in the left navigation pane.
- Click Configure
- Click services
- Click SSH
- Click Start
Remember to follow this process to STOP to DISABLE the SSH client when you are finished.
Enabling SSH on ESXi through the ESXi client
The ESXi client can be used to enable SSH on ESXi hosts that are not managed by vcenter (and hosts that are also managed by vCenter). Using this method, you connect directly to host instead of through vCenter.
Navigate to the FQDN of the ESXi host, log in, then follow these steps.
- Click manage
- Click Services
- Scroll down until you see the TSM-SSH service, and click on it
- Click the start button
You can also use this process to disable SSH on ESXi by clicking the STOP button once you have completed your work.
With ransomware threat actors targeting ESXi, it is ESSENTIAL that SSH remains DISABLED when not in use. You can learn more about VMware’s SSH security guidance here.