VMware Cloud Community
tirher
Contributor

Change port SSH on ESXi 5

How can I change the default port of SSH on VMware ESXi 5.0?

I found that /etc/ssh/sshd_config contains the line:

Port 22

I changed the number to another one, but I don't know how to restart the services. How can I reset sshd?

Thanks


Accepted Solutions
athlon_crazy
Virtuoso

Though not supported, you can try the method below (tested on ESXi 5.0).

1) Create a new custom firewall ruleset, let's say sshnew.xml, in any datastore, e.g. /vmfs/volumes/datastore1:

<!-- Firewall configuration information for FDM -->
<ConfigRoot>
  <service id='0000'>
    <id>sshnew</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>2200</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>

2) Make the script persistent after reboot by editing /etc/rc.local and adding the lines below:

# Create custom SSHNEW rule (copy the ruleset file created in step 1)
cp /vmfs/volumes/datastore1/sshnew.xml /etc/vmware/firewall/

# Refresh firewall rules so the new ruleset is loaded
/sbin/esxcli network firewall refresh

Happy... SSH


http://www.no-x.org
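
An added example, not part of the original post: a consistency check that the port in sshd_config, the port opened by the custom ruleset, and the file name copied by rc.local all agree. The function names and sample strings are assumptions; RC_LOCAL is constructed with a copy source that does not match the ruleset file name so that the check fires.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (assumptions for this example, not output from a real host).
SSHD_CONFIG = "# constructed sample\n#Port 22\nPort 2200\n"
RULESET = """<!-- Firewall configuration information for FDM -->
<ConfigRoot><service id='0000'><id>sshnew</id>
<rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
<porttype>dst</porttype><port>2200</port></rule>
<enabled>true</enabled><required>false</required></service></ConfigRoot>"""
RC_LOCAL = ("cp /vmfs/volumes/datastore1/ssh.xml /etc/vmware/firewall\n"
            "/sbin/esxcli network firewall refresh\n")

def sshd_ports(config_text):
    """Ports from uncommented Port lines; OpenSSH listens on 22 when there is none."""
    found = re.findall(r"^[ \t]*Port[ \t]+(\d+)\b", config_text, re.I | re.M)
    return [int(p) for p in found] or [22]

def opened_ports(ruleset_xml):
    """Single ports opened by enabled services through inbound/tcp/dst rules."""
    ports = set()
    for service in ET.fromstring(ruleset_xml).iter("service"):
        if (service.findtext("enabled") or "").strip().lower() != "true":
            continue  # a disabled service opens nothing
        for rule in service.iter("rule"):
            get = lambda tag: (rule.findtext(tag) or "").strip().lower()
            if (get("direction"), get("protocol"), get("porttype")) == \
                    ("inbound", "tcp", "dst") and get("port").isdigit():
                ports.add(int(get("port")))
    return ports

def rc_local_copies(rc_text, ruleset_name):
    """True if an uncommented cp line copies ruleset_name into /etc/vmware/firewall."""
    for line in rc_text.splitlines():
        parts = line.split()
        if (len(parts) >= 3 and parts[0] == "cp"
                and parts[-1].rstrip("/") == "/etc/vmware/firewall"
                and any(s.rsplit("/", 1)[-1] == ruleset_name for s in parts[1:-1])):
            return True
    return False

def check(config_text, ruleset_xml, rc_text, ruleset_name):
    """Return a list of mismatches; only this one ruleset file is considered."""
    opened = opened_ports(ruleset_xml)
    findings = ["sshd port %d is not opened by %s" % (p, ruleset_name)
                for p in sshd_ports(config_text) if p not in opened]
    if not rc_local_copies(rc_text, ruleset_name):
        findings.append("rc.local does not copy %s into /etc/vmware/firewall" % ruleset_name)
    return findings

if __name__ == "__main__":
    for finding in check(SSHD_CONFIG, RULESET, RC_LOCAL, "sshnew.xml"):
        print(finding)
```

Run it against copies of the three files taken from the host; an empty list means the listening port, the firewall rule and the persistence step agree.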

10 Replies
Troy_Clavell
Immortal

Check the below, it should still be applicable for ESXi 5.

http://vm-help.com/esx40i/ESXi_enable_SSH.php

Changing the port for SSH

To change the port for SSH, edit the file /etc/services and change the SSH port listed in the file. Save the file and repeat step 6 above.
athlon_crazy
Virtuoso

Host -> configuration -> security profile -> services -> SSH -> option -> restart


http://www.no-x.org
tirher
Contributor

Yes, I tried restarting from the vSphere Client, but the port is still the default. It doesn't take the change.

tirher
Contributor

I tried this link too, but I don't have inetd on my VMware ESXi 5. This is for ESXi 4.

#ps | grep inetd

#

#ls -l /etc/inetd.conf

ls: /etc/inetd.conf: No such file or directory

Troy_Clavell
Immortal

Restart the management agents instead:

services.sh restart

tirher
Contributor

Troy Clavell wrote:

restart the management agents instead

services.sh restart

With this command I see that the port was changed, because I can ssh to localhost on a port other than the default and it connects perfectly. But now the problem is the firewall. Does ESXi 5 have iptables? How can I enable the port in the firewall?

Troy_Clavell
Immortal

You should be able to do this using the vSphere Client, under the Configuration tab, Security Profile. I don't have an ESXi 5 host handy today, or I could give you step by step.

kattrap
Contributor

Not to bump an old thread, but google brought me here.

Don't do "services.sh restart", this is overkill.

/etc/init.d/SSH restart

is all you need for the configuration change to take.

..and nice custom firewall rule.. :thumbsup:

timtrace
Contributor

I did exactly as described, and I get "connection refused" when directing the vSphere client to 192.168.100.11:444 (my new port).  Likewise with Putty.

Did I miss something?

(running 623860)
