VMware VI3 Root Shell Access

In this article I am trying to answer the following questions, which seems to pop up all the time.

How to enable Shell Access for the root account in VMware VI3 (VMware ESX)?
Is it the same way in VMware VI3 V3.5?
Why would I want to enable shell Access for the root account?
Why does VMware disable it by default?
What’s your recomendation in this regard?

Ok, Lets take one by one of these questions and answer it:

How to enable Shell Access of the root account in VMware VI3 (VMware ESX)?

To enable Shell Access of the root account in VMware VI3 all you have to do is login to the terminal with your root account. Or login through ssh using a user account then elevate to root.

After that go to the /etc/ssh directory

cd /etc/ssh/
Then edit /etc/ssh/sshd_config using vi

vi sshd_config

Then change the No to Yes next to the PermitRootLogin as shown in the below snapshot

vmware vi3 permit root login

Save the file by pressing :wq

then restart your VMware ESX server.

After that your VMware ESX Root will have shell access.

Is it the same way in VMware VI3 V3.5?

Yes, the same trick still work in V3.5.

Why would I want to enable shell Access for the root account?

Well, so many of time you want to have SFTP access to you VMware ESX box and don’t have the time to fuddle up with it to get a normal user to work with SFTP. So it can be a fast and easy dirty trick to do so.

Why VMware Originally disable it?

For security reasons, as its not a very good idea to give the root a direct shell access to your VMware ESX. Its a lot more secure when you login as a normal user then elevate to root using the SU -command.

What’s your recomendation in that regard?

Don’t use this method for machines where highest security is a must. In addition, don’t use it with machines facing the internet directly. Further more, you can enable the shell access when you need initially to upload your Images to the VMware ESX then disable it again after that.

I hope this was useful to every one.

Comments

  1. The faster way to do it:

    sed -e ‘s/PermitRootLogin no/PermitRootLogin yes/’ -i /etc/ssh/sshd_config

    /sbin/service sshd reload

    Besides you can use only ssh certicates to authorize via ssh. So you can customize config file to inlude:

    RSAAuthentication yes
    PubkeyAuthentication yes
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    ChallengeResponseAuthentication no
    PasswordAuthentication no
    KerberosAuthentication no
    GSSAPIAuthentication no

  2. Hi funek,

    Thanks for the great contribution.

    Best Regards,
    VMbloggie

Speak Your Mind

*