Hi,
Should SSH be kept enabled or not on the VM host?
Or just enable it if needed?
Thanks
Hi,
It's advised to have SSH disabled by default and enabled only when needed. That is the reason why you see a warning come up on the ESXi summary tab when SSH is enabled.
--Avinash
Hi,
But once the host can't be accessed through vCenter, how do I check it if SSH is not enabled?
Thanks
Two ways to check it:
1) DCUI -> Troubleshooting Options
2) Log in directly to your ESXi host using the vSphere Client and go to Configuration -> Security Profile (provided that your host doesn't have Lockdown mode enabled).
Hi,
Since the host is not responding in vCenter Server, try launching a vSphere Client to the ESXi host directly. If that still fails,
you could use KVM or DCUI -- Troubleshooting Options -- Enable SSH.
--Avinash
I have had an experience where vCenter can't connect to the host, and I otherwise can't manage it through the DCUI (frozen).
In this situation, is there any way to check or fix it?
Thanks
Hi,
I suspect a storage issue and that the management agents are hung. You need to look into the logs:
vmkernel and hostd.
-- Avinash
I strongly disagree with the opinion that SSH should be disabled by default. That opinion is both arbitrary and fails to take into account the overall security of the Management Network.
Bottom line is that, when my management network is itself insecure, then enabling SSH by default may not be a good idea. If, however, my management network exists in a bunker underground somewhere and is not connected to the internet and/or other networks, SSH should not be a vulnerability!
Furthermore, as an administrator, my mission (and a large part of the purpose of vSphere) is to make my organization's mission-critical applications as available as possible. Given a secure Management Network, if there were to be a vSphere outage affecting mission-critical services, I believe it is contraindicated to take any extra time at all in order to enable SSH and begin the diagnosis/recovery process!