Creating a local user with Bash shell access on vCenter server appliance (vCSA)

Article ID: 429145

Products

VMware vCenter Server

Issue/Introduction

  • Administrators may need to create additional local user accounts on the vCenter Server Appliance (vCSA) to provide administrative or troubleshooting access without sharing the primary root credentials.
  • By default, new local users are restricted to the Appliance Shell (API-based CLI) and cannot access the underlying Bash shell.

 

Environment

8.x, 9.x

Cause

  • The vCenter Server Appliance uses two distinct shell environments:
      • Appliance Shell (clish): A restricted shell for monitoring and basic configuration.
      • Bash Shell: The standard Linux shell used for advanced OS-level troubleshooting.
  • Creating a user that can access the Bash shell requires a two-step process: defining the user within the appliance framework and then manually updating their shell environment via the Linux OS layer.

Resolution

Procedure:
 
Step 1: First, you must create the user account and assign it the appropriate role within the appliance management framework.
 
  • Log in to the vCenter SSH session using [email protected]/root
  • If you are in the Bash shell, type appliance to return to the Appliance Shell.
  • Execute the following command to add the user. This command only works in the Appliance Shell: "localaccounts.user.add --username <new_username> --role admin --password"
  • Enter and confirm the desired password when prompted.
 
Step 2: By default, the new user can only access the Appliance Shell. To grant them Bash shell access, use the following procedure:
  • Open a new SSH session or switch to your current session and log in as the root user.
  • Run the "Change Shell" command for the newly created user: "chsh -s /bin/bash <new_username>"
 
Validation:
  • Open a new SSH session.
  • Log in with the newly created username and password.
  • You should now be dropped directly into the Bash shell or be able to type shell to enter it.

Additional Information

Security Considerations:


Least Privilege: Ensure that only authorized personnel are granted Bash access, as this provides full control over the appliance filesystem.

Audit Trails: Using individual accounts instead of the shared root account improves auditability for OS-level changes.

Password Policy: Local accounts created this way are subject to the password expiration policies configured in the vCenter VAMI (Port 5480).
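
To support the least-privilege review above, the following added example (not part of the original article or of VMware's tooling) lists local accounts whose login shell is /bin/bash and flags any that are not on an approved list. It relies on chsh recording the login shell in the seventh field of /etc/passwd; the function names, sample accounts and approved list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which local accounts have Bash as their login shell.
# "chsh -s /bin/bash <user>" rewrites field 7 of that user's passwd entry,
# so the passwd file is the record to review.

# Print every account whose login shell is /bin/bash.
# Argument: a passwd-format file, or "-" (the default) to read stdin.
bash_users() {
    awk -F: '$7 == "/bin/bash" { print $1 }' "${1:--}"
}

# Print Bash-enabled accounts that are missing from the approved list.
# Usage: unapproved_bash_users PASSWD_FILE approved_user...
# Returns 1 when at least one unapproved account is found, otherwise 0.
unapproved_bash_users() {
    passwd_file=$1
    shift
    found=0
    for user in $(bash_users "$passwd_file"); do
        ok=0
        for approved in "$@"; do
            if [ "$user" = "$approved" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "$user"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample in passwd format (not taken from a real appliance).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/dev/null:/bin/false
jdoe:x:1001:100::/home/jdoe:/bin/bash
opsview:x:1002:100::/home/opsview:/bin/appliancesh
tsmith:x:1003:100::/home/tsmith:/bin/bash
EOF
}

# Demo on the constructed sample: root and jdoe are approved, tsmith is not.
sample_passwd | unapproved_bash_users - root jdoe \
    || echo "Review needed: the accounts listed above have Bash access but are not approved."
```

On the appliance, call it from a Bash session as unapproved_bash_users /etc/passwd followed by the approved usernames.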