VMware Cloud Community
Groots
Contributor

How do you create users on the ESX 3.5 that can be used for remote logon using SSH/Putty?

Best practice indicates that it is not good practice to allow "root" to be used to connect to a remote console using SSH (via a Putty session). It is better to create a user with minimal rights and then use -SU in the console session to log on as "root". The installation guide for ESX 3.5 indicates that it is possible to add this type of user by selecting the Server in VIC and then selecting the Users/Groups tab, where there is an option to create this type of user. The only place in VIC 2.5 that you can add Users/Groups is in the Permissions tab, and that only allows them to be associated with specific roles.

I have tried to add a user using the console on the physical ESX 3.5 server via the "useradd" command, however it is not possible to log on using this newly created user.

In ESX 3.5, is it possible to add this type of user, and if so what is the correct procedure?


Accepted Solutions
kastro
Enthusiast

For me this is working perfectly on ESX 3.5

useradd -p 'password' -c "user" user

You can also do it with VIC client, but you have to connect to ESX host (with root account) and not through VirtualCenter.

7 Replies
ascari
Expert

Hi,

Try it this way: in the Virtual Infrastructure Client, select your ESX server and click the Users & Groups tab. Right-click and then add the user. Finally, try an SSH login with the newly added user.

bye Alberto

Groots
Contributor

The "useradd" command does not seem to work for me - it does not show up in the list of users when using VIC.

Using the VIC connected to the ESX host and not through Virtual Center seems to work well.

petedr
Virtuoso

I just added a new user on my 3.5 box using useradd on the service console and it showed up on the VIC client user tab; interesting that it didn't work for you. To enable that user to log in through the VI3 client it needs to be added to a group with the Read-Only permission, but if only SSH access is needed, the useradd should have been enough. The main thing is you got it to work by adding the user through the VI3 client.

www.thevirtualheadline.com www.liquidwarelabs.com
Groots
Contributor

I am not sure why I could not get it to work from the console on the ESX server. As a matter of interest, can you send me a copy of the actual command that you used to create the new user?

Thanks

Groots

petedr
Virtuoso

I did it in 2 steps (created the user and then set the password), but I would think it would be the same as setting the password initially on the useradd command.

useradd new_user

passwd new_user

cft3people
Contributor

Hey Groots,

I had a similar issue but I have figured out a way to get around this. For example, I have a group called tac that is the generic group we use throughout all of our environments for our administrators. To enable this I did some testing and noticed that users that could log on were users that were written to /etc/group for the particular group "tac". When I went to add a test user the first time I specified only its default group (this isn't written to /etc/group). The next time I went to add it I specified the default group and the extended group, which is written to /etc/group.

The exact command I used is useradd -g tac -G tac -c "Admin" admin1.

Hope this helps! I know that you are trying to add a specific user with specific permissions in VIC but I think it needs to belong to a group before he can actually do anything (like login) through VIC.

I just realized this is a super old post! Anyway, one last thing that seems to happen is that when you're adding new people to the group you have to "re add" the permissions through the permissions tab in VIC. One extra step, not a big deal when you're dealing with multiple accounts!
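
Added example, not part of any post above: useradd's -p option takes an already-encrypted crypt(3) string, so a plain-text value lands in /etc/shadow as a hash that no password matches, and the last reply observes that logins worked only for accounts listed in /etc/group. This script (function names are hypothetical, the sample files are constructed) classifies both conditions for an account from copies of those files.

```shell
#!/bin/sh
# Added example: classify why a local account created with useradd cannot log in.

# hash_state FIELD -> empty | locked | crypt | not-crypt (heuristic)
hash_state() {
    case "$1" in
        "")        echo empty ;;
        '!'*|'*'*) echo locked ;;      # "!", "!!" or "*": no usable password set
        '$'*'$'*)  echo crypt ;;       # $id$salt$hash style
        *)  # traditional DES crypt is exactly 13 chars of [./0-9A-Za-z]
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'
            then echo crypt; else echo not-crypt; fi ;;
    esac
}

# check_account USER SHADOW_FILE GROUP_FILE
# Prints "<hash state> <listed|unlisted>"; returns 1 if USER has no shadow entry.
check_account() {
    hash=$(awk -F: -v u="$1" '$1 == u { print $2; found = 1 }
                              END { exit !found }' "$2") || return 1
    memberof=$(awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$3")
    if [ -n "$memberof" ]; then listed=listed; else listed=unlisted; fi
    echo "$(hash_state "$hash") $listed"
}

# write_samples DIR: constructed shadow/group copies, not taken from a real host
write_samples() {
    cat > "$1/shadow" <<'EOF'
user:password:14000:0:99999:7:::
new_user:$1$Ab3dEf9h$0123456789abcdefghijkl:14000:0:99999:7:::
admin1:!!:14000:0:99999:7:::
EOF
    cat > "$1/group" <<'EOF'
tac:x:500:admin1
users:x:100:
EOF
}

# Demo on the constructed files: sh thisfile demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && write_samples "$d"
    for u in user new_user admin1; do
        echo "$u: $(check_account "$u" "$d/shadow" "$d/group")"
    done
    rm -rf "$d"
fi
```

A "not-crypt" result means the shadow field holds something that is not a password hash, which is what a plain-text argument to -p produces; running passwd for the account replaces it with a real hash.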