• We are Serving 24/7 since 2012

PowerCLI: enable SSH and configure ESXi host Firewall

June 17, 2013

Table of Contents

Here is a post to help you be able to configure SSH to start automatically. This is done by PowerCLI scripts that hide the shell warning message and configure the ESXi firewall to allow connection from specific  IP addresses.

You first have to know where you can change the ESXi firewall settings. Here are the steps:

  • go to the configuration tab
  • select the security profile
  • select the rule you want to change and click on the firewall
  • select the option “Only allow connections from the following networks” and add the IP address or IP range you want to allow.

Below is the script that performs, you just have to change the $cluster and $ip variables. Copy the script to your PowerCLI session and run it.

$cluster = “<clusterName>”

$ip = “192.168.1.1”

foreach($vmHost in (Get-Cluster $cluster | Get-VMHost | Sort Name)){

    write-host “Configuring SSH on host: $($vmHost.Name)” -fore Yellow

    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq “TSM-SSH”}).Policy -ne “on”){

        Write-Host “Setting SSH service policy to automatic on $($vmHost.Name)”

        Get-VMHostService -VMHost $vmHost | where { $_.key -eq “TSM-SSH” } | Set-VMHostService -Policy “On” -Confirm:$false -ea 1 | Out-null

    }

    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq “TSM-SSH”}).Running -ne $true){

        Write-Host “Starting SSH service on $($vmHost.Name)”

        Start-VMHostService -HostService (Get-VMHost $vmHost | Get-VMHostService | Where { $_.Key -eq “TSM-SSH”}) | Out-null

    }   

    $esxcli = Get-EsxCli -VMHost $vmHost

    if($esxcli -ne $null){

        if(($esxcli.network.firewall.ruleset.allowedip.list(“sshServer”) | select AllowedIPAddresses).AllowedIPAddresses -eq “All”){

            Write-Host “Changing the sshServer firewall configuration”       

            $esxcli.network.firewall.ruleset.set($false, $true, “sshServer”)

            $esxcli.network.firewall.ruleset.allowedip.add(“$ip”, “sshServer”)

            $esxcli.network.firewall.refresh()

        }   

    }

    if(($vmHost | Get-AdvancedSetting | Where {$_.Name -eq “UserVars.SuppressShellWarning”}).Value -ne “1”){

        Write-Host “Suppress the SSH warning message”

        $vmHost | Get-AdvancedSetting | Where {$_.Name -eq “UserVars.SuppressShellWarning”} | Set-AdvancedSetting -Value “1” -Confirm:$false | Out-null

   }

}

The script is very handful, it checks if the SSH Service is running or not and will change the setting if necessary, also goes for the firewall configuration and the part to suppress the Shell warning message.

Home

Share on
Facebook
Twitter
LinkedIn
Pinterest
Most Popular
More posts

Dedicated Servers Quick Guide

What is a Dedicated Servers? Why bother using a dedicated server over a VPS or Shared Hosting?A dedicated server is a server 100% dedicated to your website/project or business needs.

Software Defined Single Sign On Database

Software Defined Single Sign On Database. One difficult task since the release of vSphere 5.1 has been the creation of SSO (Single Sign On) databases.  Creating an SSO database is

Managing Amazon EC2 VMs from the vSphere client

Automation and mulitplatformsupport is gaining more and more popularity. We already a multihypervisor management tool from VMware for Hyper-V and VMware. From vCloud Automation Center you can create workloads in

Get 90% Discount

First 3 People gets the Bonus!
Don't Miss Out Our Big Sale

Get 0-90% On All
247Rack Services

GET OFFER ⟶
247Rack

The Sale Is Until The End Of March