• Administrators often inquire if it is possible and recommended to enable root SSH access for the NSX Manager.
• Root SSH access is disabled by default to ensure system integrity and security.
  • It is not recommended to leave root access enabled in a production environment.
• Root access should only be enabled temporarily for advanced troubleshooting, typically under the strict guidance of Broadcom Support.
  • Almost all standard administrative tasks should be performed using the admin account.

VMware NSX

• NSX is a restricted appliance designed with security best practices.
• Elevated root access bypasses standard role-based access controls and can cause catastrophic system failures if changes are made outside of documented procedures.

To temporarily enable root SSH access via the admin CLI (applicable to NSX 3.2.0 and later):

1. Log in to the NSX Manager via SSH or Console using the admin account.

2. Ensure the SSH service is running by executing: start service ssh

3. Enable direct root login by executing: set ssh root-login

4. Verify the SSH service status to confirm root login is active: get service ssh

5. Perform the required diagnostic or troubleshooting tasks.

6. Disable root login immediately upon task completion to restore system security: clear ssh root-login

Enable SSH root access for NSX appliance