Changing default SSH configuration
search cancel

Changing default SSH configuration


Article ID: 337167


Updated On:


VMware vSphere ESXi


This article provides steps to change the default SSH configuration.

  • SSH connection to the ESX host is refused
  • This issue may occur when Triple Data Encryption Algorithm (3DES ) is used by the source


VMware ESX 4.0.x
VMware ESX Server 3.5.x


ESX SSH security settings are designed to provide protection for the data you transmit to the service console through SSH. If this configuration is too rigid for your needs, you can lower security parameters.
Note: For more information about the security settings, see SSH Security in the Configuration Guide.
To change the default SSH configuration:
  1. Log on to the service console and acquire root privileges.
  2. Change to the /etc/ssh directory with the command:

    cd /etc/ssh

  3. Open the sshd_config file in a text editor. For more information, see Editing files on an ESX host using vi or nano (1020302).
  4. To allow remote root logon, change the line PermitRootLogin no to PermitRootLogin yes.
  5. To revert to the default SSH protocol (Version 1 and 2), comment out this line:

    Protocol 2

  6. To revert to the 3DES cipher and other ciphers, comment out this line:

    Ciphers aes256-cbc,aes128-cbc

  7. To disable Secure FTP (SFTP) on SSH, comment out this line:

    Subsystem ftp /usr/libexec/openssh/sftp-server

  8. Save your changes and close the file.
  9. Restart the SSHD service with the command:

    service sshd restart