VMware Cloud Community
kingcap3

PowerCLI starting and stopping SSH and required vCenter permissions

We are going to use VMA PowerCLI to start and stop SSH through vCenter for our ESXi 4.1 hosts. We need to do this as we will start SSH, run a security Nessus scan and then stop SSH. We are quite happy with the VMA PowerCLI commands to do this and have seen a number of blogs on this subject. What we have done is create a specific AD user that we will use through PowerCLI to log in to vCenter and perform the start and stop of SSH. What I would like to do is restrict this user with a specific privilege within vCenter so that all this user can do is start and stop SSH. Is there a specific privilege within vCenter that I can create a role for and assign it to this user?

LucD

To manipulate the host services, not ssh specifically, you will need the Host.Config.NetService privilege.

As you can see on the HostServiceSystem SDK page.

You will need some additional privileges just to access the vSphere server as well.

You can easily see those with for example

Get-VIRole -Name readonly | Get-VIPrivilege

To create a new role you could do

New-VIRole -Name ServiceOperator -Privilege (Get-virole readonly | Get-VIPrivilege)

Get-VIRole ServiceOperator | Set-VIRole -AddPrivilege "Network configuration"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
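
The role creation and SSH toggle discussed in this thread, written out end to end as an added example (not code from the original posts). It adds the privilege by its Id, Host.Config.NetService, instead of by display name, scopes the permission to one cluster, and stops SSH in a finally block so the service is not left running if the scan step fails. The server, account, cluster and host names are assumptions.

```powershell
# Added example. Assumed names (not from the thread): vcenter.example.local,
# EXAMPLE\svc-sshtoggle, cluster 'Prod-Cluster', host esx01.example.local.

# --- Part 1: run once as a vCenter administrator ---
Connect-VIServer -Server 'vcenter.example.local' | Out-Null

# Start from the read-only privileges (needed just to log in and see inventory),
# then add the single privilege that allows host service changes.
# Selecting by Id avoids depending on the localized display name.
$privs  = @(Get-VIPrivilege -Role (Get-VIRole -Name 'ReadOnly'))
$privs += Get-VIPrivilege -Id 'Host.Config.NetService'
$role   = New-VIRole -Name 'ServiceOperator' -Privilege $privs

# Grant the role only on the cluster whose hosts get scanned, not at the root.
New-VIPermission -Entity (Get-Cluster -Name 'Prod-Cluster') `
    -Principal 'EXAMPLE\svc-sshtoggle' -Role $role -Propagate:$true | Out-Null

# Review what the role really contains before handing out the account.
# Host.Config.NetService covers every host service, not SSH alone.
Get-VIPrivilege -Role $role | Sort-Object Id | Select-Object Id, Name

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false

# --- Part 2: the scan job, run as the restricted account ---
$cred = Get-Credential 'EXAMPLE\svc-sshtoggle'
Connect-VIServer -Server 'vcenter.example.local' -Credential $cred | Out-Null

$ssh = Get-VMHost -Name 'esx01.example.local' |
    Get-VMHostService |
    Where-Object { $_.Key -eq 'TSM-SSH' }   # key of the SSH service on ESXi

try {
    Start-VMHostService -HostService $ssh -Confirm:$false | Out-Null
    # ... run the Nessus scan against the host here ...
}
finally {
    # Always close SSH again, even if the scan step threw an error.
    Stop-VMHostService -HostService $ssh -Confirm:$false | Out-Null
    Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
}
```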

kingcap3

Where do I set Host.Config.NetService privilege, as this doesn’t seem to be a setting in vCenter??

LucD

See the PowerCLI example in my previous answer.

You can also do this in the vSphere Client when you go to the Roles entry.


kingcap3

I don’t see this in the Roles entry

Is it under the host privilege?

LucD

Yes, Host and then Config

