Enable SSH on ESXi Hosts in VCF


Article ID: 312060


Updated On:


VMware Cloud Foundation


Starting with VCF 4.4, SSH is disabled on all ESXi hosts to reduce security risk. However, if there is an external SSH dependency on the ESXi hosts, the following steps enable SSH on them.


ssh: connect to host port 22: Connection refused


VMware Cloud Foundation 4.x
VMware Cloud Foundation 4.4


SSH is disabled on ESXi hosts during workflows such as bring-up, host commissioning, adding a host to a cluster, creating a cluster, creating a VI domain, and upgrade.


To enable SSH on all hosts in all domains, run the following command on the SDDC Manager as root:
/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name ALL

To enable SSH for all the hosts for a specific domain (e.g. domain1):
/opt/vmware/sddc-support/sos --enable-ssh-esxi --domain-name domain1

To enable SSH for a specific host:
  1. In a web browser, log in to the ESXi host using the VMware Host Client.
  2. In the navigation pane, click Manage and click the Services tab.
  3. Select the TSM-SSH service and click Start.

For bring-up, log in as the root user on the Cloud Builder VM and replace:

in /opt/vmware/bringup/webapps/bringup-app/conf/feature.properties and restart the bringup service:
systemctl restart vcf-bringup.service

For any other workflow, log in as the vcf user on the SDDC Manager VM and create or update the file /home/vcf/feature.properties so that it contains "feature.vcf.esxi.ssh.disable=false". For example:
echo 'feature.vcf.esxi.ssh.disable=false' >> /home/vcf/feature.properties
chmod a+r /home/vcf/feature.properties

Then log in to the SDDC Manager as the root user and restart all the services:

1. The above workaround does not work on commissioned hosts on VCF 4.4.x.
2. SSH must be turned on manually for the LCM prechecks if the feature flag is turned off on VCF 4.4.x.
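
Added example (not part of the original article or of VMware tooling): the echo ... >> step above appends a line every time it is run and leaves any existing feature.vcf.esxi.ssh.disable=true entry in place, so the file can end up with conflicting values. The hypothetical helper set_property below rewrites the file so the key appears exactly once; it assumes a plain key=value properties file with one entry per line.

```shell
#!/bin/sh
# Added example: set one key in a .properties file so it appears exactly once.
# set_property is a hypothetical helper name, not a VCF command.
#
# Usage on the SDDC Manager VM, as the vcf user:
#   set_property /home/vcf/feature.properties feature.vcf.esxi.ssh.disable false

set_property() {
    file=$1
    key=$2
    value=$3

    # Build the new file next to the old one so the final mv is a same-directory rename.
    tmp=$(mktemp "${file}.XXXXXX") || return 1

    if [ -f "$file" ]; then
        # Copy every line except existing assignments of this exact key.
        # index()/substr() are used instead of a regex so the dots in the
        # key are matched literally. Comment lines and other keys are kept.
        awk -v k="$key" '
            { line = $0; sub(/^[ \t]+/, "", line) }
            index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*[=:]/ { next }
            { print }
        ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    # Append the single authoritative assignment.
    printf '%s=%s\n' "$key" "$value" >> "$tmp" || { rm -f "$tmp"; return 1; }

    # Same permission change as the chmod a+r step in the article, then swap in.
    chmod a+r "$tmp" && mv "$tmp" "$file"
}
```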