VMware Cloud Community
BostonTechGuy
Enthusiast
Enthusiast
‎12-12-2013 01:34 PM

Audit of Host Password using SSH on PowerCLI

Afternoon,

Working with a client who is doing a migration of couple hundred Hosts to a new 5.1 vCenter.  For prep work I want to confirm the ROOT password for all the hosts. Reason for this, the client cant be certain if all the passwords are correct. I was thinking of leveraging a loop in PowerCLI to go through the list of all the Hosts, log into via SSH.  If the server gets in, great move to the next.  If not, note the server and continue to the next.


I have reviewed this article SSH from PowerShell using the SSH.NET library - Svendsen Tech Powershell Wiki on getting SSH working in PowerShell.  What I am working on is how to get PowerCLI to read the response the server gives. I cant seem to get PowerCLI/Powershell to read the output in the session for bad password.  I feel this is a simple "read the screen" input for the scripts.

Logically IF Output = Bad Password - Export "SSH IP" to text file and continue. Else continue with next server.

I know I can manually do this by either SSH to the host with PuTTY or log in via VMClient. I would rather do this with PowerCLI.

Thanks,

BostonTechGuy

Tags (2)
0 Kudos
2 Replies
LucD
Leadership
Leadership
‎12-12-2013 02:08 PM

Do you also need to test if SSH is enabled ?

If not, you could try the Connect-VIServer to each ESXi server.

Something like this

$pswd = "ThePassword"

$mode = Get-PowerCLIConfiguration -Scope Session | Select -ExpandProperty DefaultVIServerMode
if($mode -eq "Single"){
  Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Scope Session -Confirm:$false
}
$warning = $WarningPreference
$WarningPreference = "SilentlyContinue"

Get-VMHost | %{
  $srv = Connect-VIServer -Server $_.Name -User root -Password $pswd
  if($srv){
    "$($_.Name) - password is ok"
    Disconnect-VIServer -Server $srv -Confirm:$false
  }
  else{
    "$(_.Name) - password is not ok"
  }
}

if($mode -eq "Single"){
  Set-PowerCLIConfiguration -DefaultVIServerMode $mode -Scope Session -Confirm:$false
}

$WarningPreference = $warning


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

BostonTechGuy
Enthusiast
Enthusiast
‎12-13-2013 11:01 AM

Thanks Luc,

I really didnt occur to me to CONNECT-VISERVER to the Host.  Just a mental block.  Anytime I go to the hosts is usually either from console to ESXi "GUI" or via SSH.  This should work for testing the hosts passwords.

As for your SSH question, I didnt need to test if SSH is running. I have a script that will quickly go through all the Hosts and enable SSH.  If anyone was wondering :smileylaugh:

Thanks,

BostonTechGuy

0 Kudos