6.5
Table Of Contents
- Getting Started with vSphere Command-Line Interfaces
- Contents
- About This Book
- Managing vSphere with Command-Line Interfaces
- Installing vCLI
- Running Host Management Commands in the ESXi Shell
- Running vCLI Host Management Commands
- Overview of Running vCLI Host Management Commands
- Protecting Passwords
- Authenticating Through vCenter Server and vCenter Single Sign-On
- Authenticating Directly to the Host
- Trust Relationship Requirement for ESXCLI Commands
- Common Options for vCLI Host Management Command Execution
- Using vCLI Commands in Scripts
- Run Host Management Commands from a Windows System
- Run Host Management Commands from a Linux System
- Running DCLI Commands
- Index
3 In the Services section, click Edit.
4 Select SSH.
n
To temporarily start or stop the service, click the Start or Stop buon.
n
To change the Startup policy across reboots, select Start and stop with host and reboot the host.
5 Click OK.
What to do next
After you have enabled SSH, you can log in to the ESXi Shell remotely and run ESXi Shell commands.
Access the Remote ESXi Shell with SSH
If SSH is enabled on your ESXi host, you can run commands on that shell by using an SSH client.
Procedure
1 Open an SSH client.
2 Specify the IP address or domain name of the ESXi host.
Precise directions vary depending on the SSH client that you are using. See vendor documentation and
support.
3 Provide credentials when prompted.
Lockdown Mode
To increase the security of your ESXi hosts, you can put them in lockdown mode.
In lockdown mode, all operations must be performed through vCenter Server. By default, only the
vCenter Server system, represented by the vpxuser user, has authentication permissions. No other users can
perform operations against a host in lockdown mode.
vSphere 5.x and later supports normal lockdown mode, as discussed in the vSphere 5.x documentation
center. vSphere 6.0 and later supports more ne-grained management.
n
In normal lockdown mode, you can add users to the DCUI.Access advanced option, which can access
the Direct Console User Interface regardless of their privileges on the host. Starting with vSphere 6.0,
you can also use the vSphere Web Client to add Exception users, which can access the Direct Console
User Interface if they have host management privileges.
n
In strict lockdown mode, users cannot access the Direct Console User Interface. If vCenter Server
becomes unavailable, the host can no longer be managed.
When a host is in normal or strict lockdown mode, you cannot run vSphere CLI commands against the host
directly. Instead, you target the vCenter Server system that manages the host with the --server option and
specify the ESXi host with the --vihost option.
When you enable strict lockdown mode, the Direct Console User Interface service is disabled.
You can enable lockdown mode by using the Add Host wizard to add a host to vCenter Server, by using the
vSphere Web Client to manage a host, or by using the Direct Console User Interface (DCUI).
See the vSphere Security documentation for details on lockdown mode in vSphere 6.x.
Run an ESXCLI Command in the ESXi Shell
You can run ESXCLI commands in the ESXi Shell unless they are marked as internal in the online help.
The ESXi Shell is disabled by default. You must enable the ESXi Shell before you can run commands in the
shell. See “ESXi Shell Access with the Direct Console,” on page 25.
Getting Started with vSphere Command-Line Interfaces
28 VMware, Inc.