• We are Serving 24/7 since 2012

PowerCLI: enable SSH and configure ESXi host Firewall

June 17, 2013

Table of Contents

Here is a post to help you be able to configure SSH to start automatically. This is done by PowerCLI scripts that hide the shell warning message and configure the ESXi firewall to allow connection from specific  IP addresses.

You first have to know where you can change the ESXi firewall settings. Here are the steps:

  • go to the configuration tab
  • select the security profile
  • select the rule you want to change and click on the firewall
  • select the option “Only allow connections from the following networks” and add the IP address or IP range you want to allow.

Below is the script that performs, you just have to change the $cluster and $ip variables. Copy the script to your PowerCLI session and run it.

$cluster = “<clusterName>”

$ip = “192.168.1.1”

foreach($vmHost in (Get-Cluster $cluster | Get-VMHost | Sort Name)){

    write-host “Configuring SSH on host: $($vmHost.Name)” -fore Yellow

    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq “TSM-SSH”}).Policy -ne “on”){

        Write-Host “Setting SSH service policy to automatic on $($vmHost.Name)”

        Get-VMHostService -VMHost $vmHost | where { $_.key -eq “TSM-SSH” } | Set-VMHostService -Policy “On” -Confirm:$false -ea 1 | Out-null

    }

    if((Get-VMHostService -VMHost $vmHost | where {$_.Key -eq “TSM-SSH”}).Running -ne $true){

        Write-Host “Starting SSH service on $($vmHost.Name)”

        Start-VMHostService -HostService (Get-VMHost $vmHost | Get-VMHostService | Where { $_.Key -eq “TSM-SSH”}) | Out-null

    }   

    $esxcli = Get-EsxCli -VMHost $vmHost

    if($esxcli -ne $null){

        if(($esxcli.network.firewall.ruleset.allowedip.list(“sshServer”) | select AllowedIPAddresses).AllowedIPAddresses -eq “All”){

            Write-Host “Changing the sshServer firewall configuration”       

            $esxcli.network.firewall.ruleset.set($false, $true, “sshServer”)

            $esxcli.network.firewall.ruleset.allowedip.add(“$ip”, “sshServer”)

            $esxcli.network.firewall.refresh()

        }   

    }

    if(($vmHost | Get-AdvancedSetting | Where {$_.Name -eq “UserVars.SuppressShellWarning”}).Value -ne “1”){

        Write-Host “Suppress the SSH warning message”

        $vmHost | Get-AdvancedSetting | Where {$_.Name -eq “UserVars.SuppressShellWarning”} | Set-AdvancedSetting -Value “1” -Confirm:$false | Out-null

   }

}

The script is very handful, it checks if the SSH Service is running or not and will change the setting if necessary, also goes for the firewall configuration and the part to suppress the Shell warning message.

Home

Share on
Facebook
Twitter
LinkedIn
Pinterest
Most Popular
More posts

Dedicated Servers Quick Guide

What is a Dedicated Servers? Why bother using a dedicated server over a VPS or Shared Hosting?A dedicated server is a server 100% dedicated to your website/project or business needs.

Release: Veam Backup & Replication 6.5

For those not aware, there has been a new release of the Veam Backup & Replication 6.5. It’s very interesting, the first backup solution for vSphere 5.1 and windows Server

Dedicated SERVER Special
50% OFF for Life!

🔥 DELL Bare-metal Dedicated Server in New York

🔹  Intel Gold 80 Cores
🔹  23TB SSD Flash +
🔹1TB NVMe (W RAID)
🔹 1TB DDR4 RAM 
🔹 10Gbps Redundant Uplinks 
🔹 10 IPv4 + IPv6 Addresses Included 

💲 Just $699/month – 50% OFF FOR LIFE! (Reg $1399/month)
🚀 Zero Setup Costs | Flexible OS: Ubuntu, Proxmox, ESXi, Windows, etc.

✅ Reserve Risk-Free! 30-Day Money-Back Guarantee
💡 100% Uptime Assurance – Enterprise-Grade Hardware 

🖥 Ideal for Virtualization, Data-Intensive Apps, & High Traffic Sites

Use coupon code at checkout for the discount to apply FBHEO3023EJFB
⚡ Limited Availability – Don’t Miss Out!

ORDER NOW

Get 90% Discount

First 3 People gets the Bonus!
Don't Miss Out Our Big Sale

Get 0-90% On All
247Rack Services

GET OFFER ⟶
247Rack

The Sale Is Until The End Of March