tdubb123
Expert

TSM-SSH going back to policy off and stopped

I am getting a few hosts where the policy goes back to off and the running status goes back to stopped, even after I start the service and set the policy to start and stop with host.

Any idea what is causing this?

I need to enable SSH on these hosts, but something is stopping the service and turning the policy off.

sk84
Expert

Have you configured the following advanced option on the hosts (maybe because of vSphere Hardening, PCI-DSS or ISO 27001 compliance)?

UserVars.ESXiShellTimeOut

If this value is not 0, the ESXi shell and also SSH are disabled after x seconds.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
tdubb123
Expert

I saw some servers have it set to 600.

Is the only way to override this to set it to 0 and start SSH?

sk84
Expert

The advanced option "UserVars.ESXiShellTimeOut" defines after how many seconds a local or remote shell (and therefore also SSH) will be disabled. A value of 0 indicates that a shell will never be disabled and thus SSH service would run permanently.

But for security reasons it is not recommended to deactivate the shell timeout in production environments. Local and remote shells should only be started on demand.

If you still want to disable the timeout, stop SSH and the ESXi shell service, set this timeout value to 0, and then restart SSH and the ESXi shell service again.

--- Regards, Sebastian VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
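To compare hosts that behave differently, a read-only PowerCLI audit can list the timeout value described above next to the running state and startup policy of the ESXi Shell (`TSM`) and SSH (`TSM-SSH`) services. This is an added example, not code from any poster in this thread; it assumes VMware PowerCLI is installed and a `Connect-VIServer` session is already open.

```powershell
# Added example: read-only audit, changes nothing on the hosts.
# Assumes VMware PowerCLI and an existing Connect-VIServer session.

$vmHosts = Get-VMHost |
    Where-Object { $_.ConnectionState -in 'Connected', 'Maintenance' } |
    Sort-Object Name

$report = foreach ($vmHost in $vmHosts) {
    # Advanced option discussed in this thread (value in seconds, 0 = no timeout)
    $timeout = Get-AdvancedSetting -Entity $vmHost -Name 'UserVars.ESXiShellTimeOut'

    # TSM = ESXi Shell, TSM-SSH = SSH
    $services = Get-VMHostService -VMHost $vmHost |
        Where-Object { $_.Key -in 'TSM', 'TSM-SSH' }

    foreach ($svc in $services) {
        [pscustomobject]@{
            Host                = $vmHost.Name
            Service             = $svc.Key
            Running             = $svc.Running
            Policy              = $svc.Policy      # on = start and stop with host, off = manual
            ShellTimeOutSeconds = $timeout.Value
        }
    }
}

# Full picture, one row per host and service
$report | Format-Table -AutoSize

# Hosts where the SSH policy says "start and stop with host" while a
# non-zero shell timeout is also configured: the two settings pull in
# opposite directions, so these are the hosts to look at first.
$report |
    Where-Object { $_.Service -eq 'TSM-SSH' -and $_.Policy -eq 'on' -and $_.ShellTimeOutSeconds -ne 0 } |
    Format-Table Host, Running, Policy, ShellTimeOutSeconds -AutoSize

# Hosts where SSH is currently running with the timeout disabled,
# i.e. SSH stays available permanently.
$report |
    Where-Object { $_.Service -eq 'TSM-SSH' -and $_.Running -and $_.ShellTimeOutSeconds -eq 0 } |
    Format-Table Host, Running, Policy, ShellTimeOutSeconds -AutoSize
```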
tdubb123
Expert

Actually, I have hosts that have ESXiShellTimeOut not set to 0 but that I can still SSH to,

but then another one that is set and keeps turning SSH off, even before the timeout value has been reached.

Solfver
Enthusiast

Hi, in my case,

the TSM-SSH policy keeps the setting as start and stop with host even though I changed it to manual start/stop.

I have no clue how to revert this policy setting.

It seems like this setting is overwritten somewhere else.
