This time we will look at just two functions.
Enable-VMHostSSH/Disable-VMHostSSH from my PowerCLI Vi-Module.
- Very often, virtual infrastructure administrators must temporarily enable SSH on the ESXi host(s), for example, to run esxtop, to clarify the reasons for a PSOD, or to troubleshoot the storage system (HBA, multipathing, etc.). Through SSH you can even eject the CDROM by executing
eject /dev/cdrom/mpx.*
to determine the host’s location in a rack, or connect to DCUI.
- To enable SSH through the GUI with vSphere/Web Client, you need about 7-8 clicks, including opening the firewall. You have to do this for each host individually. Then you repeat all of it in reverse order to disable SSH!
In total, for a small cluster of 5 hosts it takes around 70 clicks.
With the help of my functions it is two short lines, the first to enable and the second to disable SSH. Use your Cluster name(s), or omit them to execute the function on all Clusters in the Inventory.
Get-Cluster DEV | Enable-VMHostSSH
Get-Cluster | Enable-VMHostSSH
Get-Cluster DEV, TEST | Disable-VMHostSSH
Get-Datacenter North | Get-Cluster | Disable-VMHostSSH
- The functions not only start/stop the SSH daemon, but also open/block SSH access on the host’s firewall.
As expected, both functions return structured objects. I would like to draw your attention only to two properties of these objects –
SSHDaemon – the state of the TSM-SSH daemon.
- It may be one of these three values:
Unknown. If you got the Unknown state on one of the hosts, you will find the reason in one of these properties:
PowerState (the host is not powered on now or unreachable).
SSHEnabled represents the state of the firewall exception rule.
- If you use optional parameter
Disable-VMHostSSH function will try to block SSH traffic (TCP:22) on the host’s firewall.
When using this parameter, the SSHEnabled property must become False (i.e. the firewall is blocked), but this does not happen if the SSH Server Firewall Exception Rule is categorized as Required Services (i.e. mandatory). In addition, you will see the error message Block firewall ports in the
- This is not critical at all. It is good enough that the SSH daemon is stopped. This situation is described in VMware KB2037544.
If you still want to be able to block SSH traffic on the firewall, this article will help you. The solution proposed in it requires enabling SSH too, so you can already do that by the
Both the functions support
Get-Cluster | essh -Confirm:$false
Get-Cluster | dssh -Confirm:$false
- Well, despite the fact that the functions are very easy to use, I recommend that you take a look at the examples and the comment-based help.
Get-Help Enable-VMHostSSH -Examples
Get-Help Disable-VMHostSSH -Examples
Get-Help Enable-VMHostSSH -Full
Get-Help Disable-VMHostSSH -Full
Get-Help Disable-VMHostSSH -Parameter BlockFirewall
Get-Alias -Definition Enable-VMHostSSH
Get-Alias -Definition Disable-VMHostSSH
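To confirm after troubleshooting that no host was left with SSH exposed, the two states described above (the TSM-SSH daemon and the SSH Server firewall exception) can be read back with stock PowerCLI cmdlets. This is an added example, not code from the Vi-Module: Get-VMHostSSHState, the NeedsReview and StartupPolicy properties and the output value strings are hypothetical names, and it assumes an existing Connect-VIServer session.

```powershell
# Added example, not part of the Vi-Module. Requires VMware PowerCLI and an
# existing Connect-VIServer session. Get-VMHostSSHState is a hypothetical name.
function Get-VMHostSSHState {
    [CmdletBinding()]
    param(
        # VMHost objects, e.g. from: Get-Cluster DEV | Get-VMHost
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$VMHost
    )
    process {
        foreach ($h in $VMHost) {
            $power  = [string]$h.PowerState
            $conn   = [string]$h.ConnectionState
            $daemon = 'Unknown'   # value strings are this example's own
            $policy = $null
            $fwOpen = $null

            # Service and firewall state can only be read from a reachable host.
            if ($power -eq 'PoweredOn' -and $conn -in 'Connected', 'Maintenance') {
                $svc = Get-VMHostService -VMHost $h | Where-Object Key -eq 'TSM-SSH'
                $fw  = Get-VMHostFirewallException -VMHost $h -Name 'SSH Server'
                if ($svc) {
                    $daemon = if ($svc.Running) { 'Running' } else { 'Stopped' }
                    $policy = [string]$svc.Policy
                }
                if ($fw) { $fwOpen = [bool]$fw.Enabled }
            }

            [pscustomobject]@{
                VMHost        = $h.Name
                PowerState    = $power
                SSHDaemon     = $daemon
                SSHEnabled    = $fwOpen    # firewall exception state; $null if unread
                StartupPolicy = $policy    # 'on' = daemon starts again with the host
                # Flag hosts where sshd runs, would start again with the host,
                # or could not be checked at all.
                NeedsReview   = ($daemon -ne 'Stopped' -or $policy -eq 'on')
            }
        }
    }
}

# Usage: list only the hosts that still need attention.
# Get-Cluster DEV | Get-VMHost | Get-VMHostSSHState | Where-Object NeedsReview
```

A host with the daemon stopped but SSHEnabled still true is not flagged, in line with the point above that a stopped daemon is enough. A startup policy of 'on' is flagged because the daemon would come back after a host reboot even though it is stopped now.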