ESXi

Hi All,

ESXi 6.7 U2

There are two VMs running on this ESXi 

1. VM Windows server 2016

2.VM Centos 8

I need to make an SSH from ESXi to for example windows server VM...

an example would be 

[root@ESXi-Host:~] ssh MyUser@192.168.8.35

When I perform this command it ends up with connection timed out.

The Firewall is totally off in both VMs

I can for example make an SSH from Centos to the ESXi but the opposite does not work

Is there any idea, how can I access the VMs from ESXi with SSH ?

My Main purpose is to end one of the application running in the windows VM by a script runs in ESXi host.

Actually I am planning to have SSH access to windows VM and end the known process.

(SSH in ESXi is of course enabled not required to tell)

Ciao 

on the ESXi host is outgoing traffic enabled for the SSH protocol ??

This setting is on Configure-> System -> Firewall 

For Enable SSH Client (if it is disable) click EDIT 

Ciao Fabio,

SSH is enabled however in ESXi 6.7 it locates in another place, please see the screen shot very bottom of this message

Thank you for your answer, actually my ESXi is 6.7 and does not look like the screenshot that you send it.

Unfortunately there is no such setting available in my ESXi host.

I also added some screenshots as below on the left black screen you can see that from a centos os I can make an SSH to my ESXi host

on the other hand from ESXi host I can not start an SSH to that centos OS which is on the right black screen says "connection timed out"

Ciao

the difference you see in the screenshots is due to the fact that mine are taken from the vCenter, while your screenshots are taken from the local web console of your single ESXi host

While the report showing that your host has ssh enabled refers to inbound connections to your ESXi host

From the single ESXi web console there is the option to enable the ssh client, you have to do it from the command line Connect via SSH to your ESXi host and run the following command:

esxcli network firewall ruleset set --enabled=true --ruleset-id=sshClient

Ciao Fabio,

That was great help from you side.

Thank you very much and now I am in already as you may see in below screen shot

So in this screenshot I made SSH RuntimeUser@192.168.8.5 and finally from ESXi root I logged in to VM where windows server 2016 runs.

Thanks again and wish you a great day

BR

Volkan

May I ask another ssh question ?

that is not related with original problem but still its a side problem.

The problem is when make an SSH to my VM windows server 2016,

I can only run the script which includes command line command.

I can not run a powershell script, it seems like doing nothing

So as a brief: command line commands like TASKKILL works fine but if I use some poweshell commands

such as Get-Process Zenrt32 | Foreach-Object { $_.CloseMainWindow() | Out-Null } | stop-process –force

it does not work and no error message just seems like it does not doing anything

Ciao 

I tried the following command and it seems to go:

ssh pollaio/\administrator@192.168.1.120 'powershell -c get-host'

in my opinion you have to try to create a powershell script on the windows VM and launch it from the shell

ssh <username>@<password> 'powershell -c c:\script.ps1'

or find a method to launch multiple commands from the ssh command because if you try to start 

sh <username>@<password> 'powershell -c Get-Process Zenrt32 | Foreach-Object { $_.CloseMainWindow() | Out-Null } | stop-process –force' 

not run the command after Get-Process.

Ciao Fabio,

Thanks a lot at least I am one more step closer to end the Zenrt32 now with your wonderful powershell accessing command line.

The situation is as below but still I could not manage the perform remote powershell commands properly

Here I could get the process id of Zenrt32 which runs in the VM  .. The connection was a putty connection to ESXi Host and from ESXi host I could make an SSH to Windows VM 

Here I have created a script called closewindow.ps1 to be able to terminate the Zenrt32, 

(actually in the VM I can run this script in poweshell and it does what it should do I mean could terminate the Zenrt32)

But this script has to be run with below command

ssh Administrator@192.168.8.5<password> 'powershell -c C:\scripts\closewindow.ps1'

when I perform it nothing happens in VM but no error also I got in the putty ssh session to VM

command here is performed unfortunately no result has been taken.

Thank you 

Volkan

Ciao Fabio,

Some more steps as below; I must find out the error with closewindow.ps1 other wise 

I could create a text file in VM when connect from ESXi host with ssh as below

Here I send a command 

ssh Administrator@192.168.8.5 'powershell.exe -c "C:\Scripts\Test.ps1" '

here I see the result in windows server 2016 VM

I also run the closewindow.ps1 right in the windows VM and it worked as below command

C:\Windows\system32>powershell "C:\Scripts\closewindow.ps1"

here you can see I run the script in the background gray still Zenrt32 alive

somehow I must run the script twice and than below

so the Zenrt32 successfully endet in the windows VM , I expect the same result when

I do it through SSH from ESXi

actually the CloseMainWindow() function returns True when I 

run it directly in the VM windows as shown in below picture

When I run the same thing through SSH from ESXi it returns False as shown in below picture

I must find out what cause that, because it this case something should return from windows VM back to ESXi host ssh session,

maybe it loose the value during this backward transmission.

I dont know the root cause but I could found is as above black screen shot. It sound a challenging issue for me unless I dont find another method to close the runtime. CloseMainWindow function actuall does what it should do therefore I used that way. 

Otherwise Zenrt32 is not properly ends it suddenly terminates what we dont want actually, because there are some services have to be properly ended by Zenrt32 when we send cloasemainwindow() function to Zenrt32

br

Volkan

Ciao 

Have you solved it?

From what I have read on the Microsoft forums it seems that remotely it is not possible to use the CloseMainWindow command.

However, it requires further verification on Microsoft channels

Ciao,

I still suffering with the problem;

I also read something like below

the chances are;

1. I create an exe file basicall get-process id find the required process by name in the loop and use the closemainwindow method.

2. The exe file I created in c# in windows10 environment and then copied that exe into windows server 2016 VM but it did not run there. I dont know the reason.

3.Last chance is when the VM initiates a shutdown process, we will recognize it and will terminate our runtime based on that. 

I am now searching why my exe does not work in windows sertver 2016 while it works in windows 10.

below is the simpel code sniplet in C# which makes exactly the same job on line  power shell script 

Power shell has the same as below

Hi Fabio,

I was in vacation therefore there was a break.

I have found out that remote task schedule makes some progress.

so remotely I can start scheduled task via command line command.

Now I only have a problem in VM ware to include ssh pass package.

Because Vm ware does not have this package and I can not use this package.

ssh pass is a linux package and of course vm ware is explicitly not any linux release.

Because I want to login to remotely into a VM from Esxi and send a command through ssh pass.

I would be happy if there is a work around for this problem automatically login to remote VM from Esxi

Ciao 

If now your need is to access your linux VM from Host Esxi without entering the password you could try  (I haven't tested it) to use the ssh Key authentication (If you don't know it, here are some indications: How to use SSH keys for authentication - Tutorial - UpCloud)

On VMware you can try to follow the following guide:

How to SSH between ESXi 6.0U2 hosts without providing a password - CormacHogan.com

So using a pair of keys (public and private key), generated on your ESXi host and copied the public on the server you need to connect to, you should be able to connect without entering the password

Ciao Fabio,

I will test tomorrow your recommendations.

One month ago I tried to define RSA keys it did not work for me.

My remote VM is windows VM unfortunately not linux.

Of course we  will comply with security regulations without comprimising security we still should perform the necessary steps

Milla Grazie 

Volkan

Ciao Fabio,

Sorry for my late reply,

But I tried that RSA ssh key pairs thank you for the links.

The most important thing to done in windows, you must create authorized_keys file from scratch in the right ssh folder.

And the private key must be kept secret for example in our case

we setted up a ssh passwordless connection from ESXi to a windows VM. 

so I created the key pairs in ESXi and copied public key content into authorized_keys file in Windows.

Now it works perfectly i can ssh to VM from Esxi without prompted die password or user name.

NOW I have new challanges. I always find new challanges for myself to perform the right solutions.

1. How can I read the power loss in ESXi exactly IDRAC reads power statuses . Idrac shows power status for both power inlets.

So if can read those power inlets statuses I can create a logic that main power is lost.

2. How can I read SNMP messages broadcasted by 3rd party master agents to ESXi.

When the power lost happens either apc schneider or ompron Power act pro master agents broadcasts snmp messages, so I am aiming to catch them into a script and combine them with my logic in item 1 (that reading power status of power inlets)

I would be very happy if you can send me some information where I can find

1. How to read Power status of ESXi ?

2. How to catch SNMP messages in ESXi ?

Best Regards

Ciao 

Your objective is not clear to me, from what I understand you would like to intercept problems on the power supply of the HOST ESXi and then carry out certain operations (Turn off the VMs and the ESXi Host in case of fault of one of the two power supplies or problems on the UPS). Correct?

Ciao Fabio,

Precisely what I want is as you mentioned!

I would like to read the status of power from ESXi and than I could use them to shut down the VM and ESXi host itself.

Second aim is to read the messages from agents so I can still rely on the UPS that reports to me that power failure occurs.

So I dont want to decide only based on my readings from power status I also want to evaluate SNMP messages.

But I would like to run to my targets one by one piece by piece

Maybe good start would be reading power status of ESXi host.

Or any other better approach is also welcome.

Mille Grazie

Volkan

Ciao

To read the power status of the esxi host you can use the "PowerCLI" (Maybe you know and use them already)

https://vdc-repo.vmware.com/vmwb-repository/dcr-public/a0c00739-3d59-4356-b074-1cf2cb2c9d52/250e6e6e-b046-4aee-860d-26d4b7dc3320/GUID-2DD2454B-2B1134-A B442254F0681.html

With these you can create scrips that allow you to query ESXi HOSTs both directly and through the vCenter.
For example, if you want to know the power supply status of all the hosts of a vCenter you can use the script posted in this other community discussion

https://communities.vmware.com/t5/ESXi-Discussions/Export-All-Power-Supply-status-of-ESX-Hosts-using-PowerCLI/td-p/1426400

even if it's for an old version it should work.

This is the correct link for powercli installation

 VMware Developer Documentation

Ciao Fabio,

Thanks for the links, I check them and will let you know the results.