  • Status: Solved
  • Priority: Medium
  • Security: Public

vmware esx 4.0 active directory ssh login

How do I add authorized users for ssh access to my ESX 4.0 hosts?  I can access the hosts using the viClient and the root user/password or using my Windows credentials.  If I try a domain admin account with SSH, it fails.  I realize that root is not allowed ssh access by default, but I can't seem to log on with any account.

I do not have physical access to the service console at the moment, so if I can accomplish this with remote tools, that'd be cool.  I can get physical console access if needed, but that's a bummer.

Thanks.
0
snowdog_2112
1 Solution
 
coolsport00Commented:
If you log in with root with the Client to the host, you can create/add 'accounts'. I don't think you can add AD accts in ESX 4.0, but VMware made it possible in 4.1. After you add a user (users tab?), you can then modify the acct (its properties) for SSH access (a checkbox). You can then add the account, if needed, to any object level for specific access (to a cluster, a datacenter, a folder, or a VM).

Hope that helps.
~coolsport00
0
 
bgoeringCommented:
Yes - you need 4.1 for AD integration at the host level. If you have that create an AD security group "ESX Admins" and add your AD users to that group.

Good Luck
0
 
Luciano Patrão, ICT Senior Infrastructure Engineer, Commented:
Hi

First you need to change the sshd connections. By default, sshd root connections are not allowed from remote connections.

You need to enter the VMware host console (on the physical server) and change the sshd_config file.

Change the permission to yes

Enable or Disable Direct Root Login

cd /etc/ssh
vi sshd_config

# yes = allow direct root login, no = deny it
PermitRootLogin yes

/etc/init.d/sshd restart

If using AD or Kerberos for connections between AD users and VMware hosts, you also need to set this in the sshd_config file.

Take a look at this and see the ssh connections options
http://linux.die.net/man/5/sshd_config

Hope this can help

Jail
0
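An added example, not part of the original thread: a read-only check of which PermitRootLogin value sshd will actually apply, since sshd keeps the first value it reads for a keyword and ignores keyword case. The sample config and the user name vmadmin are constructed; on a real host, point the functions at /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example. Prints the value sshd applies globally for one keyword.
# sshd keeps the first value it reads for a keyword, keyword names are
# case-insensitive, and anything after a "Match" line is conditional.
effective_sshd_option() {   # $1 = config file, $2 = keyword, $3 = text if unset
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key); val = dflt }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }   # trim the line
        /^#/ || /^$/ { next }                          # skip comments, blanks
        {
            match($0, /^[^ \t=]+/)                     # keyword ends at space or "="
            k = tolower(substr($0, 1, RLENGTH))
            v = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", v)
            if (k == "match") exit                     # global section ends here
            if (k == key) { val = v; exit }            # first occurrence wins
        }
        END { print val }
    ' "$1"
}

# Succeeds only when the config explicitly denies direct root login.
root_login_disabled() {
    v=$(effective_sshd_option "$1" PermitRootLogin unset | tr 'A-Z' 'a-z')
    [ "$v" = "no" ]
}

# Constructed sample config (not copied from an ESX host); "vmadmin" is made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Protocol 2
permitrootlogin no
PermitRootLogin yes
AllowUsers vmadmin
Match User backup
    PermitRootLogin yes
EOF
echo "PermitRootLogin: $(effective_sshd_option "$sample" PermitRootLogin unset)"
echo "AllowUsers:      $(effective_sshd_option "$sample" AllowUsers unset)"
if root_login_disabled "$sample"; then
    echo "direct root SSH login is denied"
else
    echo "direct root SSH login is NOT explicitly denied"
fi
rm -f "$sample"
```
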
 
coolsport00Commented:
Yep...the KB I posted shares all that info :)

Regards,
~coolsport00
0
 
Luciano Patrão, ICT Senior Infrastructure Engineer, Commented:
Hi

Sorry coolsport00, I did not open that KB.

Jail
0
 
coolsport00Commented:
No worries...the more "experts in agreement", the better for the poster. :)

~coolsport00
0
 
snowdog_2112Author Commented:
Here's the rub...I can't get SSH access to the hosts because SSH is disabled for root, and I need to get SSH access to the host with some other account before I can enable ssh for root.

I don't have console access (easily) to these boxes.

There is no users tab or area like ESXi - at the vCenter level, there is only a Permissions tab, and the only users to add are AD users, which is why I thought I could grant my AD users (i.e., myself) SSH access to the hosts.
0
 
snowdog_2112Author Commented:
coolsport00 - Where do I get to the Add Users from viClient? I have root access to viClient, just no ssh to the hosts.  Thanks!
0
 
coolsport00Commented:
When you log into your ESXi host with vSphere Client, there should be a users/groups tab. Right-click in the 'space' there and select Add User. In the properties of the user, you can enable SSH for the user you create. Look at my KB to enable SSH for the root user.

Regards,
~coolsport00
0
 
snowdog_2112Author Commented:
There is no Users tab.  Just a Permissions tab - this is ESX 4.0, keep in mind.  Right clicking in the white space only gives me the option to add permissions.

That is why I'm confused - I can't seem to find a place to add "local" users on the esx hosts.
0
 
coolsport00Commented:
Sorry "snowdog..."...you have to log into the ESX host directly to create a local user.

~coolsport00
0
 
snowdog_2112Author Commented:
How do you mean "directly"?  I have used viClient and pointed it at the hosts, still no Users tab.  I can't ssh to the hosts because root is disabled and I don't have any other users defined.

Chicken/egg problem?
0
 
coolsport00Commented:
Hmm...yes, there should be a Users/Groups tab, along with Permissions. You're using vSphere Client to log onto ESX, not vCenter, correct? Make sure you use the IP or hostname of the ESX/i server and not vCenter (if you use vCenter).

~coolsport00
0
 
snowdog_2112Author Commented:
Ok - I *am* an idiot.

I would have sworn up and down that there was no Users tab even at the host - and I know which one you're talking about because I see it on my esxi 4.1 hosts.

Now I'm just swearing up and down at myself...

I must have connected to the datacenter and then clicked on the host - why that would present a different view than connecting directly to the host seems odd.

Thanks again!  
0
 
snowdog_2112Author Commented:
PICNIC error..."Problem In Chair, Not In Computer".  Thanks!
0
