VMware Cloud Community
CoolonVsphere
Enthusiast
Enthusiast
‎02-15-2017 11:23 PM
Jump to solution

How to enable and disable SSH on Multiple Esxi in vCenter

Hi All,

Recently our security team asked for enabling ssh services on all esxi running in vcenter in different datacenter and cluster to scan authentication VA on each esxi.

This is bit of pain to go to every esxi and manually enable/disable ssh.We need help and solution from script we can achieve in single click.:-)

If we can get the script which will help us to enable & start ssh services on all esxi server & Once scanning is over, same service can be disable/stopped.

If someone has answer or script which is tested will be grateful him/her.

Thanks in advance.

1 Solution

Accepted Solutions
RAJ_RAJ
Expert
Expert
‎02-27-2017 12:53 AM
Jump to solution

HI,

For Single Host

Get-VMHost esxi | Get-AdvancedSetting -Name 'UserVars.ESXiShellInteractiveTimeOut' | Set-AdvancedSetting -Value "900" -Confirm:$false

For all the ESXi host

Get-VMHost | Get-AdvancedSetting -Name 'UserVars.ESXiShellInteractiveTimeOut' | Set-AdvancedSetting -Value "900" -Confirm:$false

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!

View solution in original post

0 Kudos
7 Replies
LucD
Leadership
Leadership
‎02-15-2017 11:38 PM
Jump to solution

Did you already check 1.  Re: ESXi - Enable/disable SSH


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
RAJ_RAJ
Expert
Expert
‎02-16-2017 12:03 AM
Jump to solution

Hi ,

Please find the below commands



Start a Partucular ESXi host Service


> Get-VMHost esxi-01.test.com | Foreach {  Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"}) -confirm:$false}


Key      Label   Policy     Running  Required

---      -----   ------     -------  --------

TSM-SSH  SSH     off        True     False


Start a Particular host Service all ESXi host


> Get-VMHost | Foreach {  Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"}) -confirm:$false}



Stop a Partucular ESXi host Service


> Get-VMHost esxi-01.test.com | Foreach {  Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"}) -Confirm:$false}



Key      Label   Policy     Running  Required

---      -----   ------     -------  --------

TSM-SSH  SSH     on         False    False


Reference # https://vmarena.blogspot.ae/2016/05/work-with-vsphere-power-cli.html


RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
CoolonVsphere
Enthusiast
Enthusiast
‎02-22-2017 01:23 PM
Jump to solution

I would like to add one more steps

need to increase ssh timeout value to 300 second for all host in vcenter added

UserVars.ESXiShellTimeOut

# Set Remove UserVars.ESXiShellTimeOut to 900 on all hosts

Get-VMHost | Foreach { Set-VMHostAdvancedConfiguration -VMHost $_ -Name UserVars.ESXiShellTimeOut -Value 900 }

how to do i edit this to make final script

0 Kudos
LucD
Leadership
Leadership
‎02-22-2017 01:38 PM
Jump to solution

You mean like this?

Get-VMHost | %{

    Set-VMHostAdvancedConfiguration -VMHost $_ -Name UserVars.ESXiShellTimeOut -Value 300 -Confirm:$false

    Get-VMHostService -VMHost $_ | where{$_.Key -eq 'TSM-SSH'} | Start-VMHostService -Confirm:$false

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

CoolonVsphere
Enthusiast
Enthusiast
‎02-23-2017 10:17 AM
Jump to solution

As expected LuCD the one who is the first to anser 🙂 ...hats off to you

Due to busy scheduled today haven't yet tried the parameter given by you. Will check if works that coool. else You are there 🙂

thanks for one more time

regs

PS

0 Kudos
RAJ_RAJ
Expert
Expert
‎02-27-2017 12:53 AM
Jump to solution

HI,

For Single Host

Get-VMHost esxi | Get-AdvancedSetting -Name 'UserVars.ESXiShellInteractiveTimeOut' | Set-AdvancedSetting -Value "900" -Confirm:$false

For all the ESXi host

Get-VMHost | Get-AdvancedSetting -Name 'UserVars.ESXiShellInteractiveTimeOut' | Set-AdvancedSetting -Value "900" -Confirm:$false

RAJESH RADHAKRISHNAN VCA -DCV/WM/Cloud,VCP 5 - DCV/DT/CLOUD, ,VCP6-DCV, EMCISA,EMCSA,MCTS,MCPS,BCFA https://ae.linkedin.com/in/rajesh-radhakrishnan-76269335 Mark my post as "helpful" or "correct" if I've helped resolve or answered your query!
0 Kudos
CoolonVsphere
Enthusiast
Enthusiast
‎03-24-2017 05:48 AM
Jump to solution

Hi Raj

Its working perfectly can we get the out put result which runn on power cli screen. Will come to know which host failed and which host completed.

0 Kudos