ESXi Troubleshooting with Users (SSH, local CLI)

In my last post I referenced ESXi Lockdown mode and how it affects access to ESXi servers.  But how do you get access to ESXi without using root? How do you add users to the local host and give those users access to the troubleshooting tools?

Funny you should ask.

You can create a user account in the GUI or via commandline, but you are better off with the commandline as the GUI adds a home directory which doesn’t exist and it causes problems with ssh.

Command line is pretty easy – use the local troubleshooting mode: enable local troubleshooting mode, hit Alt-F1 from the console, login as root.
Enter:
useradd <account_name> -M -d/

Set a password using
passwd <account_name>

Once the user is created, you need to add a role. Use the vSphere client to connect directly to the host as root.
Click the permissions tab, right click in the window and choose “Add Permission”
Add the new user to the left side, select “Administrator” for the right side.

Ta-da!, you can now log into the local console and connect with the vSphere client.
But to use the troubleshooting mode you need to jump back into the commandline

usermod <account_name> -s /bin/ash

This updates the /etc/passwd file with the shell used by the Troubleshooting Modes

If you created the user via the GUI you’ll need to change the user directory, I think using vi to edit /etc/passwd is the only way, the included “usermod” utility doesn’t seem to allow for the -d option.

If you try to connect using ssh and the connection is dropped immediately you need to run the usermod <account_name> -s /bin/ash command again.

This entry was posted in Computing, Virtualization, VMware and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.