ESXi Shell Access with the Direct Console

ESXi Shell Access with the Direct Console

An ESXi system includes a direct console (also called DCUI) that allows you to start and stop the system and to perform a limited set of maintenance and troubleshooting tasks. The direct console includes the ESXi Shell, which is disabled by default. You can enable the ESXi Shell in the direct console or by using the vSphere Client. You can enable local shell access or remote shell access:

■

Local shell access allows you to log in to the shell directly from the Direct Console. See Enabling Local ESXi Shell Access.

■

Remote shell (SSH) access allows you to connect to the host using a shell such as PuTTY, specify a user name and password, and run commands in the shell.

The ESXi Shell includes all ESXCLI commands, a set of deprecated esxcfg- commands, and a set of commands for troubleshooting and remediation.

Important All ESXCLI commands that are available in the ESXi Shell are also included in the vCLI package.

VMware recommends you install the vCLI package on a supported Windows or Linux system or deploy the vMA virtual appliance, and run commands against your ESXi hosts. Run commands directly in the ESXi Shell in troubleshooting situations only.

Enabling Local ESXi Shell Access

You can enable the ESXi Shell from the direct console or from the vSphere Client.

If you have access to the direct console, you can enable the ESXi Shell from there.

To enable the ESXi Shell in the direct console

1

At the direct console of the ESXi host, press F2 and provide credentials when prompted.

2

Scroll to Troubleshooting Options and press Enter.

3

Choose Enable ESXi Shell and press Enter.

On the left, Enable ESXi Shell changes to Disable ESXi Shell. On the right, ESXi Shell is Disabled changes to ESXi Shell is Enabled.

4

Press Esc until you return to the main direct console screen.

If you do not have access to the direct console, you can enable the ESXi Shell from the vSphere Client.

To enable the local or remote ESXi Shell from the vSphere Client

1

Select the host, click the Configuration tab, and click Security Profile in the Software panel.

2

In the Services section, click Properties.

3

Select ESXi Shell and click Options.

4

Change the ESXi Shell options.

■

To change the Startup policy across reboots, click Start and stop with host and reboot the host.

■

To temporarily start or stop the service, click the Start or Stop button.

5

Click OK.

After you have enabled the ESXi Shell, you can use it from that monitor or through a serial port.

The ESXi Shell timeout setting specifies how long you can leave an unused session open. By default, the timeout for the ESXi Shell is 0, which means the session remains open even if it is unused. If you change the timeout, for example, to 30 minutes, you have to log in again after the timeout period has elapsed.

Note If you are logged in when the timeout period elapses, your session will persist. However, the ESXi Shell will be disabled, preventing other users from logging in.

Setting Timeouts for the ESXi Shell

The ESXi Shell supports availability timeout and idle timeouts. By default, each timeout is disabled.

■

Availability timeout. The amount of time that can elapse before you must log in after the ESXi Shell is enabled. After the timeout period, the service is disabled and users are not allowed to log in.

■

Idle timeout. The amount of time that can elapse before the user is logged out of an idle interactive sessions. Changes to the idle timeout apply the next time a user logs in to the ESXi Shell and do not affect existing sessions.

To set ESXi Shell timeouts from the Direct Console

1

From the Troubleshooting Mode Options menu, select Modify ESXi Shell and SSH timeouts and press Enter.

2

Enter the availability timeout, in seconds, and press Enter.

3

Enter the idle timeout, in seconds, and press Enter.

4

Press Esc until you return to the main menu of the Direct Console Interface.

To set ESXi Shell timeouts from the vSphere Web Client

1

Select the host in the inventory, click the Manage tab, and click Settings.

2

Under System, select Advanced System Settings.

3

In the left panel, click UserVars.

4

Select UserVars.ESXiShellTimeOut and click the Edit icon

5

Enter the availability timeout in minutes.

You must restart the SSH service and the ESXi Shell service for the timeout to take effect.

6

Select UserVars.ESXiShellInteractiveTimeOut and click the Edit icon

7

Enter the availability timeout in minutes.

You must restart the SSH service and the ESXi Shell service for the timeout to take effect.

8

Click OK.

Using the Local ESXi Shell

After you enable the ESXi Shell in the direct console, you can use it from main direct console screen or remotely through a serial port.

To use the local ESXi Shell

1

At the main direct console screen, press Alt-F1 to open a virtual console window to the host.

2

Provide credentials when prompted.

When you type the password, characters are not displayed on the console.

3

Enter shell commands to perform management tasks.

4

To log out, type exit in the shell.

5

To return to the direct console, type Alt-F2.

See vSphere Installation and Setup documentation for information on serial port setup.

Important All ESXCLI commands that are available in the ESXi Shell are also included in the vCLI package. VMware recommends you install the vCLI package on a supported Windows or Linux system or deploy the vMA virtual appliance, and run commands against your ESXi hosts. Run commands directly in the ESXi Shell in troubleshooting situations only.

Note If you are logged in when the timeout period elapses, your session will persist. However, the ESXi Shell will be disabled, preventing other users from logging in.

Help us improve this information. Send feedback to [email protected].