VMware Cloud Community
tsolinas
Contributor

Cannot connect to ESX 4.1 host using SSH

I recently upgraded all my ESX 4.0 hosts to 4.1 using Update Manager. Everything went smoothly, except I cannot connect to the ESX host using SSH: I am getting an access denied message when connecting using root. The root password is correct, as I can connect to the host using the vSphere Client.

Any ideas what it could be?

8 Replies
FranckRookie
Leadership

Hi,

You can check if the firewall rules were not changed and still allow SSH communication. You can also have a look at the /etc/ssh/sshd_config and verify that the PermitRootLogin is set to Yes.

Hope it helps.

Regards

Franck

skishore
Contributor

Hi,

Default security settings will not allow you to SSH with the root account.

You can log in with a standard user account and then use the "su" command to elevate to root. Or you can change the setting as Franck mentioned.

rickardnobel
Champion

> You can login with a standard user account and then use "su" command to elevate to root. Or you can change setting as Franck mentioned.

I do not think either way will work right away with ESX 4.1. Between 4.0 and 4.1 a change was introduced that demands that any SSH user must have the Administrator Role on the ESX host to log on, otherwise the logon will be rejected.

My VMware blog: www.rickardnobel.se

JonT
Enthusiast

skishore points out the 'best practice' way to set up and use SSH to the host, but I too have this issue now with hosts upgraded from 4.0 to 4.1. I will try to add my local user account to an administrative group, but has anyone else seen this and/or come up with a resolution? What specific group on the host will bypass this new security feature? Is this documented anywhere in the release documentation? I didn't see it when I read the whole thing over again.

rickardnobel
Champion

> skishore points out the 'best practice' way to setup and use SSH to the host, but I too have this issue now with hosts upgraded from 4.0 to 4.1.

It was a best practice before 4.1, but is not anymore since it is not working. This is quite a strange change, but it is in the release notes. I do not have the link at the moment, unfortunately.

So the user that does the initial SSH login must have the role of local Administrator on the ESX host. If needing root access he/she can then use su if wanted after the logon.

My VMware blog: www.rickardnobel.se

JonT
Enthusiast

I found a work-around to this so that you can enable SSH for a user; however, when the ESX host is rebooted the setting reverts to normal. We will be implementing AD authentication to our hosts now using VAS, as we do on all other UNIX/Linux hosts today. Here is the link to the article I found with the work-around:

http://www.forgenet.tamilbot.com/?p=80190

Solution:

Edit the file: vi /etc/security/access.conf

You will see:

    +:root:ALL
    +:vpxuser:ALL
    +:vslauser:ALL
    -:ALL:ALL    --> which means deny all users

Add +:username:ALL --> this will allow the user to log in through the SSH console

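An added example, not from the thread or from VMware: a simplified Python model of how pam_access reads access.conf, showing that an allow line only takes effect when it sits above `-:ALL:ALL`. It assumes the host applies standard pam_access first-match semantics; the user `alice`, the origin address `192.0.2.10` and the helper names are hypothetical.

```python
# Simplified model of pam_access evaluation of /etc/security/access.conf:
# lines are read top to bottom and the FIRST matching line decides.
# Not modelled: EXCEPT, @netgroups, groups, LOCAL, network/host patterns.

STOCK = """\
+:root:ALL
+:vpxuser:ALL
+:vslauser:ALL
-:ALL:ALL
"""  # the four lines quoted in the post above

def parse_rules(text):
    """Return [(permit, users, origins)] from access.conf text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError("malformed access.conf line: %r" % raw)
        rules.append((fields[0] == "+", fields[1].split(), fields[2].split()))
    return rules

def is_allowed(text, user, origin):
    """First matching rule wins; pam_access permits when nothing matches."""
    for permit, users, origins in parse_rules(text):
        user_hit = "ALL" in users or user in users
        origin_hit = "ALL" in origins or origin in origins
        if user_hit and origin_hit:
            return permit
    return True

def add_user_rule(text, user):
    """Insert '+:user:ALL' above the first catch-all deny so it can match."""
    out, placed = [], False
    for raw in text.splitlines():
        if not placed and raw.replace(" ", "").startswith("-:ALL:ALL"):
            out.append("+:%s:ALL" % user)
            placed = True
        out.append(raw)
    if not placed:
        out.append("+:%s:ALL" % user)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    appended = STOCK + "+:alice:ALL\n"            # constructed: rule after the deny-all
    print(is_allowed(appended, "alice", "192.0.2.10"))
    print(is_allowed(add_user_rule(STOCK, "alice"), "alice", "192.0.2.10"))
```

Running the same check over a host's real file after each change, and again after a reboot, shows which accounts the file currently admits.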
kirtikjr
Contributor

This method really works.. I was having the same problem. Thanks JonT

Shik0
Contributor

Thanks JonT, the best answer ))
