• Prior to NSX-T 3.2.0, ssh root access can only be configured during the NSX manager deployment.
• Starting with NSX-T 3.2.0 and above, root ssh access can be configured/modified after deployment using the admin CLI.

VMware NSX

• Login to the NSX manager as user admin and follow through the steps below.
• To get the ssh service status of NSX manager

> get service ssh
Service name:      ssh
Service state:     running
Start on boot:     True
Root login:        disabled

Note :- If ssh service is not running, putty/ssh of NSX manager won't connect. In that case, login to the vCenter server web interface where the NSX manager is present and directly access the console of NSX manager. Login as user admin and run the command start service ssh 
            Re-run the command get service ssh to ensure Service state shows as running. You can now open the ssh/putty and connect to the NSX manager command line interface.

• To enable root ssh login of NSX manager, login to the NSX manager as user admin and run the command below. This is used to connect to the putty/ssh of the NSX manager directly as root.
  
  > set ssh root-login
  
  > get service ssh
  Service name:      ssh
  Service state:     running
  Start on boot:     True
  Root login:        enabled
  
  
• To disable the direct root ssh, login to the NSX manager as user admin and run the commands below.

> clear ssh root-login

> get service ssh
Service name:      ssh
Service state:     running
Start on boot:     True
Root login:        disabled

• To login to the root user via admin cli, login to the NSX manager as user admin and run the command below. 

> st en
Password:

• Provide the root user password of NSX manager to proceed with the login

Note :- To be able to connect to the NSX manager via WinSCP as user root, you need to enable the direct root login as per the steps mentioned above.