Have a look at Re: PowerCLI - Workaround for OpenSLP security vul... - VMware Technology Network VMTN

Thank you LucD,

I have gone through the above link and the scripts actually carry out the fix. All I want is an output to show a list of all my hosts in the vCenter with the slpd service name and if its on or off. I can only run the chkconfig --list | grep slpd at host level, like to run this on all hosts at once have an output on csv.

I hope that helps and thanks for your help in advance.

AMAZING.....you are a LEGEND...! Worked like a dream

I tested the above script in my lab. There are 3 esxi hosts in my lab and SLPD service stopped for 2 hosts and running on 1 host. However, the output showing SLPD off only.

I've attached a screenshot for the host where SLPD running. Could you please have a look.

What I think happened is the following.
The chkconfig --list command shows the persistent status of the service.
The /etc/init.d/slpd status shows the current status.

The code should in fact list the 2 options, current status and the persistent config.

Something like this

$user = 'root'
$pswd = 'VMware1!'

$cmdsub1 = @'
/etc/init.d/slpd status;
'@
$cmdsub2 = @'
chkconfig --list | grep slpd;
'@

$secPswd = ConvertTo-SecureString -String $pswd -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)

Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'TSM-SSH' } | Start-VMHostService -Confirm:$false | Out-Null

    $session = New-SSHSession -ComputerName $esx.Name -Credential $cred -AcceptKey

    $current = Invoke-SSHCommand -SSHSession $session -Command $cmdSub1
    $persistent = Invoke-SSHCommand -SSHSession $session -Command $cmdSub2
    New-Object -TypeName PSObject -Property ([ordered]@{
        VMHost = $esx.Name
        Current = $current.Output[0]
        Persistent = $persistent.Output[0]
    })

    Remove-SSHSession -SSHSession $session | Out-Null

    Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'TSM-SSH' } | Stop-VMHostService -Confirm:$false | Out-Null
}

To stop the service and change the persistent setting, the original thread I pointed to does that

Excellent LucD. Both checks (persistent and current status) providing the result now. Appreciate your support.

Hi Lucd,

Thanks for reply, But when i run above script..I get error attached.

Regards,

Kumar.

Looks like the SSH session (New-SSHSession) was not established.

HI Lucd,

If i manually enable SSH and run the below script to verify the SLP status, SSH gets disabled. So it's not able open new SSH session

$cmdsub1 = @'
/etc/init.d/slpd status;
'@
$cmdsub2 = @'
chkconfig --list | grep slpd;
'@

$secPswd = ConvertTo-SecureString -String $pswd -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)

Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'TSM-SSH' } | Start-VMHostService -Confirm:$false | Out-Null

$session = New-SSHSession -ComputerName $esx.Name -Credential $cred -AcceptKey

$current = Invoke-SSHCommand -SSHSession $session -Command $cmdSub1
$persistent = Invoke-SSHCommand -SSHSession $session -Command $cmdSub2
New-Object -TypeName PSObject -Property ([ordered]@{
VMHost = $esx.Name
Current = $current.Output[0]
Persistent = $persistent.Output[0]
})

Remove-SSHSession -SSHSession $session | Out-Null

Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'TSM-SSH' } | Stop-VMHostService -Confirm:$false | Out-Null
}

Regards,

Kumar

That code disables the SSH service at the end.
But does New-SshSession actually work?
What is returned when you do

New-SSHSession -ComputerName MyEsx -Credential $cred -AcceptKey -Verbose

Does the ESXi firewall allow SSH traffic?
Check with

Get-VMHostFireWallException -VMhost MyEsx -Name 'SSH *'

Is the SSH session timeout set too short?
Check with

Get-AdvancedSetting -Entity MyEsx -Name 'UserVars.ESXiShellTimeOut'