Privilege required to enable SSH on hosts

Article ID: 426739


Products

VMware vSphere ESXi

Issue/Introduction

  • Administrators who create custom roles may find that users are unable to start or stop the SSH service on ESXi hosts. The "Start" and "Stop" options for the service under Configure > System > Services may be grayed out.

Environment

7.x
8.x

Cause

  • The ability to manage services (such as SSH, ESXi Shell, or NTP) on an ESXi host is controlled by the Host > Configuration > Security profile and firewall privilege. If a custom role lacks this specific privilege, the user cannot change the service state, even if the role includes other host configuration privileges.

Resolution

To allow a user to start or stop the SSH service on an ESXi host, add the Security profile and firewall privilege to their vCenter role:

  1. Log in to the vSphere Client with Administrator privileges.
  2. Navigate to Administration > Access Control > Roles.
  3. Select the custom role assigned to the user (or create a new one) and click Edit.
  4. Expand the privilege tree:
    • Expand Host.
    • Expand Configuration.
  5. Locate and check the box for Security profile and firewall.
  6. Click Next and Finish to save the role.

Verify that the user can now access the ESXi host, navigate to Configure > System > Services, and successfully start or stop the SSH service.
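
The same role change can be scripted with PowerCLI, and because this privilege gates SSH and ESXi Shell, the script first lists every role and principal that already holds it. This is an added example, not part of the original article: the vCenter name and role name are placeholders, and Host.Config.NetService is assumed to be the privilege ID behind the "Security profile and firewall" label (the script prints the display name so you can confirm it).

```powershell
# Added example (PowerCLI); requires the VMware.PowerCLI module and a vCenter session.
# Placeholder values: replace before use.
$vCenter  = 'vcenter.example.com'      # placeholder vCenter FQDN
$roleName = 'Custom-Host-Operator'     # placeholder custom role name
$privId   = 'Host.Config.NetService'   # assumed ID for "Security profile and firewall"

Connect-VIServer -Server $vCenter | Out-Null

# Resolve the privilege and print its display name so the ID can be confirmed
# against the label shown in the vSphere Client privilege tree.
$priv = Get-VIPrivilege -Id $privId -ErrorAction Stop
'{0} -> {1}' -f $priv.Id, $priv.Name

# Audit before granting: roles that already include the privilege ...
$holders = @(Get-VIRole | Where-Object { $_.PrivilegeList -contains $privId })
$holders | Select-Object Name, IsSystem | Format-Table -AutoSize

# ... and the principals/objects those roles are assigned to.
Get-VIPermission |
    Where-Object { $holders.Name -contains $_.Role } |
    Select-Object Principal, Role, Entity, Propagate |
    Format-Table -AutoSize

# Add the privilege to the custom role only if it is missing.
$role = Get-VIRole -Name $roleName -ErrorAction Stop
if ($role.PrivilegeList -notcontains $privId) {
    Set-VIRole -Role $role -AddPrivilege $priv -Confirm:$false | Out-Null
}

# Re-read the role and confirm the privilege is now present (prints True/False).
(Get-VIRole -Name $roleName).PrivilegeList -contains $privId

Disconnect-VIServer -Server $vCenter -Confirm:$false
```

Review the audit output before granting: any principal listed there can already start SSH, ESXi Shell, or NTP on the hosts where the permission applies.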

Additional Information

Broadcom TechDocs: Host Configuration Privileges