ESXi Shell Access

ESXi Shell Access

An ESXi system includes a direct console that allows you to start and stop the system and to perform a limited set of maintenance and troubleshooting tasks. The direct console includes the ESXi Shell. The ESXi Shell includes a set of fully supported ESXCLI commands and a set of commands for troubleshooting and remediation. You must enable access to the ESXi Shell from the direct console of each system. You can enable access to the local ESXi Shell or access to the ESXi Shell with SSH.

Note For security reasons, you should enable ESXi Shell only when required.

ESXi Shell Local Access

The ESXi Shell is disabled by default. You can enable the ESXi Shell for troubleshooting from the direct console. All ESXCLI commands that are available in the ESXi Shell are also included in the vCLI package. Install the vCLI package or deploy the vMA virtual appliance, and run commands against your ESXi hosts, instead of running commands in the ESXi Shell itself. See Getting Started with vSphere Command-Line Interfaces.

Enabling the ESXi Shell

You can enable the ESXi Shell from the direct console and from the vSphere Web Client. Enabling the ESXi Shell means making it accessible as a local console available directly or over an out-of-band network.

To enable the ESXi Shell from the Direct Console User Interface

1

Access the direct console of the ESXi host, press F2, and provide credentials when prompted.

2

Scroll to Troubleshooting Options, and press Enter.

3

Select Enable ESXi Shell and press Enter.

On the left, Enable ESXi Shell changes to Disable ESXi Shell. On the right, ESXi Shell is Disabled changes to ESXi Shell is Enabled.

4

(Optional) Configure the time-out for the ESXi Shell

a

Select Modify ESXi Shell timeout and press Enter.

b

Enter the time-out value in seconds and press Enter.

5

Press Esc until you return to the main direct console screen.

You can enable the ESXi Shell from the vSphere Web Client.

To enable to local or remote ESXi Shell from the vSphere Web Client

1

Select the host, click the Manage tab, and click Settings.

2

Under System, select Security Profile.

3

In the Services panel, click Edit.

4

Select a service from the list.

■

ESXi Shell

■

SSH

■

Direct Console UI

5

Click Service Details and select the startup policy Start and stop manually.

When you select Start and stop manually, the service does not start when you reboot the host. If you want the service to start when you reboot the host, select Start and stop with host.

6

Select Start to enable the service.

7

Click OK.

After you have enabled the ESXi Shell, you can use it from that monitor or through an out-of-band network connection.

Setting Timeouts for the ESXi Shell

The ESXi Shell supports availability timeout and idle timeouts. By default, each timeout is disabled.

■

Availability timeout. The amount of time that can elapse before you must log in after the ESXi Shell is enabled. After the timeout period, the service is disabled and users are not allowed to log in.

Note If you are logged in when the timeout period elapses, your session will persist. However, the ESXi Shell will be disabled, preventing other users from logging in.

■

Idle timeout. The amount of time that can elapse before the user is logged out of an idle interactive sessions. If you change the idle timout, the change does not affect existing sessions but apply the next time a user logs in to the ESXi Shell.

You can set the timeout from the ESXi Shell, in seconds, or from the vSphere Web Client, in minutes.

To set ESXi Shell timeouts from the Direct Console User Interface

1

From the Troubleshooting Mode Options menu, select Modify ESXi Shell and SSH timeouts and press Enter.

2

Enter the availability timeout, in seconds, and press Enter.

3

Enter the idle timeout, in seconds, and press Enter.

4

Press Esc until you return to the main menu of the Direct Console Interface.

To set ESXi Shell timeouts from the vSphere Web Client

1

Select the host in the inventory, click the Manage tab, and click Settings.

2

Under System, select Advanced System Settings.

3

In the left panel, click UserVars.

4

Select UserVars.ESXiShellTimeOut and click the Edit icon

5

Enter the timeout, in minutes.

You are logged out and have to log in again after this amount of time, regardless of whether the ESXi Shell is active.

6

Restart the SSH service and the ESXi Shell service for the timeout to take effect.

7

Select UserVars.ESXiShellInteractiveTimeOut and click the Edit icon

8

Enter the idle timeout, in minutes.

You are logged out after the ESXi Shell has been inactive for this amount of time.

9

Restart the SSH service and the ESXi Shell service for the timeout to take effect.

10

Click OK.

Accessing the ESXi Shell with the Direct Console

After you enable ESXi Shell access, you can access the local shell.

To access the local ESXi Shell

1

At the main direct console screen, press Alt-F1 to open a virtual console window to the host.

2

Provide credentials when prompted.

When you type the password, characters are not displayed on the console.

3

To log out, type exit in the shell.

4

To return to the direct console, press Alt-F2.

Setting ESXi Shell Timeout

The ESXi Shell timeout setting specifies how long you can leave an unused session open. By default, the timeout for the ESXi Shell is 0, which means the session remains open even if it is unused. If you change the timeout, you have to log in again after the timeout period has elapsed.

Note If you are logged in when the timeout period elapses, your session will persist. However, the ESXi Shell will be disabled, preventing other users from logging in.

You can modify the timeout from the Direct Console or from the vSphere Web Client.

To modify the ESXi Shell Timeout

■

In the Direct Console, follow these steps.

a

Select Modify ESXi Shell timeout and press Enter.

b

Enter the time-out value, in seconds, and press Enter.

■

In the vSphere Web Client, follow these steps.

a

Select the host in the inventory, and click the Manage tab.

b

Select Settings, and click System, then click Advanced Settings.

c

Filter for UserVars, and locate UserVars.ESXiShellTimeOut

d

Enter the timeout value, in minutes, and click OK.

Remote Access to ESXi Shell Using SSH

If Secure Shell is enabled for the ESXi Shell, you can run shell commands by using a Secure Shell client such as SSH or PuTTY.

Enabling SSH for the ESXi Shell

By default, you cannot access the ESXi Shell using a Secure Shell client. You can enable SSH access from the direct console.

To enable SSH access in the direct console

1

At the direct console of the ESXi host, press F2 and provide credentials when prompted.

2

Scroll to Troubleshooting Options, and press Enter.

3

Select Enable SSH and press Enter once.

On the left, Enable SSH changes to Disable SSH. On the right, SSH is Disabled changes to SSH is Enabled.

4

Press Esc until you return to the main direct console screen.

You can enable remote command execution from the vSphere Web Client.

To enable SSH from the vSphere Web Client

1

Select the host and click the Manage tab.

2

Under System, click Security Profile.

3

In the Services section, click Edit.

4

Select SSH and set the status.

■

To temporarily start or stop the service, click the Start or Stop button.

■

To enable SSH permanently, click Start and stop with host. The change takes effect the next time you reboot the host.

5

Click OK.

After you have enabled SSH, you can use an SSH client to log in to the ESXi Shell and run ESXi Shell commands.

Accessing the ESXi Shell with SSH

If SSH is enabled on your ESXi host, you can use an SSH client to run commands on that shell.

To access the ESXi Shell with SSH

1

Open an SSH client.

2

Specify the IP address or domain name of the ESXi host.

Precise directions vary depending on the SSH client you use. See vendor documentation and support.

3

Provide credentials when prompted.

ESXi Shell Commands

The ESXi Shell includes several sets of commands.

ESXi Shell Commands

Command Set

Description

ESXCLI commands

A large set of new ESXCLI commands supports many administrative tasks. The commands are fully supported and tested by VMware and include command-line help. See Getting Started with vSphere Command-Line Interfaces.

esxcfg- commands

The esxcfg- commands available in the service console are deprecated. The commands will be removed from the ESXi Shell in a future release. See Reference to Replacements for Service Console Commands.

POSIX-like commands

See Shell Commands.

localcli commands

Set of troubleshooting commands for use with VMware Technical Support. localcli commands are equivalent to ESXCLI commands but bypass the host daemon (hostd).

Warning: localcli commands are only for situations when hostd is unavailable and cannot be restarted. After you run a localcli command, you must restart hostd. Using localcli commands in other situations is not supported. An inconsistent system state and potential failure can result.

ESXCLI Commands

The ESXi Shell in ESXi 5 includes a large set of new ESXCLI namespaces and commands. The complete ESXCLI command set is also part of the vCLI package. The ESXCLI command syntax in ESXi 5 is more flexible than the syntax in ESXi 4 and supports multiple namespaces.

esxcli [dispatch_option] <namespace> [namespace, ...] <cmd> [cmd_options]

Each command can use an arbitrary number of namespaces, and different commands have a different number of elements. All commands have also been reviewed for consistency and most commands have been renamed. For example:

■

Each get command returns single values.

esxcli hardware memory get

■

The list commands are used for multiple return values.

esxcli hardware cpu list

Many commands have options. Use an equal sign or a space between the option and the option value.

esxcli storage nfs add --host=<host_name> --share=<share_name> --volume=<volume_name>

esxcli storage nfs add --host <host_name> --share <share_name> --volume <volume_name>

Important For a complete list of ESXCLI commands, see the vSphere Command-Line Interface Reference. The vSphere Command-Line Interface Concepts and Examples document illustrates how to perform common tasks with ESXCLI or vicfg- commands.

Shell Commands

In contrast to VMware ESX, VMware ESXi does not include a console OS with a large set of shell commands and other software. However, a small set of shell commands is available in the ESXi Shell.

Important The commands are not tested or supported by VMware. Use VMware commands such as ESXCLI, vicfg- commands, and so on, instead.

You can see a list of commands in /usr/bin. When you list the commands with ls -al, notice that several of the utilities are redirected to commands appropriate in the vSphere environment. The following commands produce different results than typical shell commands.

■

Several commands are redirected to vmkvsitools.

Important vmkvsitools is intended for use with VMware Technical Support. Do not use vmkvsitools to manage your system.

■

Ping commands are redirected to vmkping.

■

Some additional commands are available in the ESXi Shell for certain troubleshooting tasks. Use these commands when instructed by a VMware Knowledge Base article or VMware Technical Support staff.

■

User management commands are deprecated.

Go to /usr/bin and run ls -a to see a complete list.

Help us improve this information. Send feedback to docfeedback@vmware.com.