
Ask an Expert

I am unable to login to ESX Server with root or a root like ID


Answer: Remote ssh access for the root user is disabled by default in fresh installations of ESX 3.

The recommended way is to use a regular non-root account for the remote ssh connection and then use the su command to switch to the root account, as this leaves an audit trail of the user's activity.

Alternatively, you can configure sshd to allow ssh connections for the root user by modifying /etc/ssh/sshd_config and setting the ‘PermitRootLogin’ option to ‘yes’.

To enable remote root access, you can also take advantage of a free automated tool called Veeam RootAccess.

Veeam RootAccess

Veeam RootAccess is a free product to automate remote root access to ESX. Based on native SOAP API and ssh, the tool modifies the /etc/ssh/sshd_config file to enable/disable remote root access to ESX. RootAccess can also create a non-root account and use it to establish remote access through an ssh client. Learn more about Veeam RootAccess.

The same can be done by using a file editor (vi) or by following the steps below (note that, depending on your corporate audit policy, this might not be the most favorable approach):

  1. Use PuTTY to log in to the ESX server under a regular account and execute the ‘su’ command
  2. Run perl by using the following command: ‘/usr/bin/perl -- - enable’
  3. Copy the text of the Perl script below and paste it into the PuTTY window:

#!/usr/bin/perl -w
use strict;
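my $VERSION = '1.0.0.1';   # quoted: a bare 1.0.0.1 is parsed as a v-string

# Marker lines written before and after the PermitRootLogin line this script manages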
my ($PermitRootLogin_start, $PermitRootLogin_stop) =
    (
        "#Root Access",
        "#Root Access"
    );

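# First argument selects the mode: "enable" sets yes, anything else sets no
my ($mode) = @ARGV;
$mode = "" unless defined $mode;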

open FH, "< /etc/ssh/sshd_config" or die "Error: cannot read file /etc/ssh/sshd_config ($!)\n";
my @content;
while (<FH>)
{
    chomp;
    push @content, $_;
}
close FH;
my $i = 0;
my $state = "";
for (; $i <= $#content; $i++)
{
    if ($content[$i] =~ m/^([^#]*)/)
    {
        my $opt = $1;
        if ($opt =~ m/PermitRootLogin\s+(\S+)/i)
        {
            $state = $1;
            last;
        }
    }
}

my $resultState = "PermitRootLogin ";
if ($mode =~ m/enable/i)
{
    $resultState = $resultState . "yes";
}
else
{
    $resultState = $resultState . "no";
}

if (length ($state) > 0)
{
    my $comments = 0;
    if ($i > 0 && $i != $#content)
    {
        if (($content[$i-1] =~ m/$PermitRootLogin_start/i) && ($content[$i+1] =~ m/$PermitRootLogin_stop/i))
        {
            $comments = 1;
        }
    }
    if ($comments)
    {
        $content[$i] = $resultState;
    }
    else
    {
        my @tmp;
        if ($i > 0)
        {
            @tmp = @content[0..$i-1];
        }
        push @tmp, $PermitRootLogin_start;
        push @tmp, $resultState;
        push @tmp, $PermitRootLogin_stop;
        push @tmp, @content[$i+1 .. $#content];
        @content = @tmp;
    }
}
else
{
    push @content, $PermitRootLogin_start;
    push @content, $resultState;
    push @content, $PermitRootLogin_stop;
}

open FH, "> /etc/ssh/sshd_config" or die "Error: cannot write file /etc/ssh/sshd_config ($!)\n";
foreach my $t (@content)
{
    print FH "$t\n";
}
close FH;

system ("/etc/init.d/sshd restart") == 0 or die "Error: failed to restart SSH service ($!)\n";
__END__

  4. Verify that root access is enabled by using PuTTY or another ssh client

When creating a non-root user, make sure it is not root equivalent (its ID is not 0) and that the “Allow remote access” check box is selected.
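A read-only check to go with the verification step, added here as an example; it is not part of the original article or of Veeam RootAccess. It reports the first uncommented PermitRootLogin value in an sshd_config-style file and whether that line sits between the "#Root Access" markers the script above writes. The function names are hypothetical, and stopping at the first Match line is an assumption for newer OpenSSH configurations.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config-style file.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive, so only the first uncommented PermitRootLogin line counts.

# root_login_state FILE -> prints "<value> <origin>"
#   value : first global PermitRootLogin value (lower case), or "unset"
#   origin: "marked" when wrapped in "#Root Access" lines as the article's
#           script writes them, otherwise "unmarked"
root_login_state() {
    awk '
        { raw[NR] = $0 }
        !done {
            line = $0
            sub(/#.*/, "", line)              # ignore comments, as the Perl script does
            n = split(line, w, " ")
            key = tolower(w[1])
            if (key == "match") {
                done = 1                      # global section ends here
            } else if (key == "permitrootlogin" && n >= 2) {
                value = tolower(w[2]); at = NR; done = 1
            }
        }
        END {
            if (!at) { print "unset unmarked"; exit }
            before = index(tolower(raw[at - 1]), "#root access")
            after  = index(tolower(raw[at + 1]), "#root access")
            print value, ((before && after) ? "marked" : "unmarked")
        }' "$1"
}

# check_root_login FILE -> 0 direct root login refused, 1 permitted in some
# form, 2 keyword absent (the sshd build default decides; review by hand)
check_root_login() {
    case "$(root_login_state "$1")" in
        "no "*)    return 0 ;;
        "unset "*) return 2 ;;
        *)         return 1 ;;
    esac
}

# Demo on a constructed sample (hypothetical content, not a real host's file)
demo_cfg=$(mktemp)
printf '%s\n' 'Protocol 2' '#PermitRootLogin no' '#Root Access' \
    'permitrootlogin YES' '#Root Access' 'PermitRootLogin no' > "$demo_cfg"
echo "effective: $(root_login_state "$demo_cfg")"   # effective: yes marked
rm -f "$demo_cfg"
```

On a host, point `check_root_login` at /etc/ssh/sshd_config; a "marked" origin indicates the value was set by the script above rather than edited by hand.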

Additional Info: “Command Line Interface Tips and Tricks for VMware ESX Server 2 and 3” by Russ Henmi, Technical Trainer. Refer to page 7: “CLI Access in VMware Infrastructure 3”



© Copyright 2008 VM Weekly