Enabling shell access for Active Directory users via SSH to vCenter Server Appliance (VCSA)

Article ID: 396161

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • vCenter is configured with an identity source (Active Directory).
  • The AD user has Administrator privileges within the vSphere UI.
  • The user attempts to launch a shell session via SSH to the vCenter using their domain credentials.
  • The attempt fails, and the user receives the following error:

Environment

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Cause

The AD user does not have the privileges required to access the vCenter shell. The user must be a member of the SystemConfiguration.BaseShellAdministrators group.

Resolution

Steps to enable shell access for AD users:

  1. Log in to VAMI and enable the Bash shell.
    •  Go to https://vcenterfqdn:5480
    •  Navigate to the "Access" settings -> Edit -> Activate Bash Shell
  2. In the vSphere UI, under Administration -> Single Sign-On -> Users and Groups -> Groups, select the SystemConfiguration.BaseShellAdministrators group and add the AD user and/or group that you want to allow to access the shell.
  3. Search for the username/group under "Add a member".
  4. Once you have completed the steps above, you can SSH to your VCSA as the AD user that you authorized earlier. In the example below, I am logging in to the VCSA as the "Test" user.