Friday, December 4, 2015

Enable SSH Root Login for vSphere Data Protection

VMware vSphere Data Protection (VDP) is a backup and recovery solution based on EMC Avamar that is included with vSphere Essentials Plus Kit and higher editions of vSphere. VDP is deployed as a virtual appliance running a Linux guest operating system (OS). I have had several individuals ask about enabling the ability to log into the VDP appliance guest OS as the root user with an ssh client such as PuTTY on Windows and Terminal on OS X. This is disabled by default for security purposes, but it can easily be enabled. This short blog article provides the steps. Just be sure to disable the access when it is no longer needed.


1. Using the vSphere Web Client, open a console connection to the VDP appliance and log in using root and the password configured when the appliance was deployed. You can also use the latest version of VMware Fusion to connect to vSphere hosts and open console connections to VMs (screen shot below) - sweet!


2. Change the working directory to /etc/ssh by typing cd /etc/ssh



3. Use the vi editor to edit the sshd_config file in this directory. If you are not familiar with the vi editor, it is best to learn a bit about it before editing files – especially configuration files. A good vi reference page can be found here. Type vi sshd_config to open the file for editing.

4. Using the down arrow key, locate this line in the file: #PermitRootLogin yes


5. Place the cursor at the beginning of the line using the arrow keys.

6. Delete the # at the beginning of the line by pressing x. The word “yes” will likely change to a different color.


7. Save the file by entering :wq!

8. For the change to take effect, you must restart sshd with this command: /etc/init.d/sshd restart



You should now be able to log in from an ssh client.

To disable this access, simply edit the sshd_config file and reinsert the # in front of PermitRootLogin yes. Be sure to restart sshd for the change to take effect.

@jhuntervmware

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.