jump to navigation

Enabling the ESXi Shell for Troubleshooting November 18, 2012

Posted by vbry21 in VCAP5-DCA.
trackback

As part of my preparation for the VCAP5-DCA exam I’ve been messing about with the ESXi shell.

The ESXi shell allows us to enter and run commands directly in the VMware vSphere ESXi Shell and VMware say that this should only ever be used in troubleshooting situations.

Ideally for command line we should use either the VMware vSphere Command-Line Interface (vCLI) or the VMware vSphere Management Assistant (vMA).

So how do we enable the ESXi Shell.

In the DCUI of the ESXi host, press F2 and provide credentials when prompted.

Scroll to Troubleshooting Options and press Enter.

Select Enable ESXi Shell and press Enter.

On the left, Enable ESXi Shell changes to Disable ESXi Shell. On the right, ESXi Shell is Disabled changes to ESXi Shell is Enabled.

Press Esc until you return to the main DCUI screen.

Local users that are assigned to the administrator role automatically have local shell access. Assigning local shell access to the administrator role prevents the root account from being shared by multiple users. Sharing the root account presents security issues and makes auditing the host difficult.

If you enable SSH access, do so only for a limited time. SSH should never be left open on an ESXi host in a production environment.

If SSH is enabled for the ESXi Shell, you can run shell commands by using an SSH client, such as SSH or PuTTY.

To enable SSH from the vSphere Client:

Select the host and click the Configuration tab.

Click Security Profile in the Software panel.

In Services, click Properties.

Select SSH and click Options.

Change the SSH options. To change the Startup policy across reboots, click Start and stop with host and reboot the host.

Click OK.

To enable the local or remote ESXi Shell from the vSphere Client:

Select the host and click the Configuration tab.

Click Security Profile in the Software panel.

In Services, click Properties.

Select ESXi Shell and click Options.

Change the ESXi Shell options. To change the Startup policy across reboots, click Start and stop with host and reboot the host.

Click OK.

The ESXi Shell timeout setting specifies how long, in minutes, you can leave an unused session open. By default, the timeout for the ESXi Shell is 0, which means the session remains open even if it is unused. If you change the timeout, for example, to 30 minutes, you have to log in again after the timeout period has elapsed.

To modify the ESXi Shell Timeout:

In the Direct Console, follow these steps.

Select Modify ESXi Shell timeout and press Enter.

Enter the timeout value in minutes and press Enter.

In the vSphere Client, follow these steps:

In the Configuration tab’s Software panel, click Advanced Settings.

In the left panel, click UserVars.

Find UserVars.ESXiShellTimeOut and enter the timeout value in minutes.

Click OK.

 

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: