Log into vCenter and start SSH on all ESXi

Although SSH should be disabled on all ESXi hosts as a security standard, there are many instances where it needs to be open. Troubleshooting is one of them. To be able to start and stop the SSH service on all hosts via script is often more helpful than doing it manually, especially when there are many hosts.

In the last article I looked at how to create a secure credentials file.

We will build on that file in the script that starts the SSH service.

Start SSH

# Define the path to the credential file
$CredentialFilePath = "C:\vCenterCredentials.xml"

# Check if the credential file exists
if (Test-Path $CredentialFilePath) {
    # Import credentials from the file
    $Credential = Import-CliXml -Path $CredentialFilePath

    # Connect to vCenter using the credentials
    # Passing the PSCredential object avoids extracting the password as plain text;
    # -ErrorAction Stop makes a failed connection reach the catch block
    try {
        Connect-VIServer -Server "<vCenter_Server_Name>" -Credential $Credential -ErrorAction Stop
        Write-Host "Connected to vCenter successfully."
    } catch {
        Write-Host "Failed to connect to vCenter. Please check the credentials or network connectivity."
        exit
    }

    # Enable SSH on all ESXi hosts
    Get-VMHost | ForEach-Object {
        $vmHost = $_   # keep the host; inside catch, $_ is the error record
        try {
            $hostServices = Get-VMHostService -VMHost $vmHost -ErrorAction Stop
            $sshService = $hostServices | Where-Object { $_.Key -eq "TSM-SSH" }
            if ($sshService) {
                Start-VMHostService -HostService $sshService -Confirm:$false -ErrorAction Stop | Out-Null
                Write-Output "SSH enabled on host: $($vmHost.Name)"
            } else {
                Write-Output "SSH service not found on host: $($vmHost.Name)"
            }
        } catch {
            # A failure on one host is reported and the loop continues with the next host
            Write-Host "An error occurred while enabling SSH on host $($vmHost.Name): $($_.Exception.Message)"
        }
    }

    # Disconnect from vCenter
    Disconnect-VIServer -Confirm:$false
    Write-Host "Disconnected from vCenter."
} else {
    Write-Host "Credential file not found at $CredentialFilePath. Please create the file first."
}

Stop SSH

# Define the path to the credential file
$CredentialFilePath = "C:\vCenterCredentials.xml"

# Check if the credential file exists
if (Test-Path $CredentialFilePath) {
    # Import credentials from the file
    $Credential = Import-CliXml -Path $CredentialFilePath

    # Connect to vCenter using the credentials
    # Passing the PSCredential object avoids extracting the password as plain text;
    # -ErrorAction Stop makes a failed connection reach the catch block
    try {
        Connect-VIServer -Server "<vCenter_Server_Name>" -Credential $Credential -ErrorAction Stop
        Write-Host "Connected to vCenter successfully."
    } catch {
        Write-Host "Failed to connect to vCenter. Please check the credentials or network connectivity."
        exit
    }

    # Stop SSH on all ESXi hosts
    Get-VMHost | ForEach-Object {
        $vmHost = $_   # keep the host; inside catch, $_ is the error record
        try {
            $hostServices = Get-VMHostService -VMHost $vmHost -ErrorAction Stop
            $sshService = $hostServices | Where-Object { $_.Key -eq "TSM-SSH" }
            if ($sshService) {
                Stop-VMHostService -HostService $sshService -Confirm:$false -ErrorAction Stop | Out-Null
                Write-Output "SSH stopped on host: $($vmHost.Name)"
            } else {
                Write-Output "SSH service not found on host: $($vmHost.Name)"
            }
        } catch {
            # A failure on one host is reported and the loop continues with the next host
            Write-Host "An error occurred while stopping SSH on host $($vmHost.Name): $($_.Exception.Message)"
        }
    }

    # Disconnect from vCenter
    Disconnect-VIServer -Confirm:$false
    Write-Host "Disconnected from vCenter."
} else {
    Write-Host "Credential file not found at $CredentialFilePath. Please create the file first."
}

Script Explanation:

Credential File Handling:

  • The script reads the encrypted credentials from C:\vCenterCredentials.xml.
  • If the file is missing, it prompts the user to create it first.

vCenter Connection:

  • The Connect-VIServer cmdlet uses the imported credentials to log into vCenter.
  • Errors during connection (e.g., invalid credentials or network issues) are caught and handled.

Enable SSH:

  • The script retrieves all ESXi hosts using Get-VMHost.
  • It checks for the SSH service (TSM-SSH) and starts it using Start-VMHostService.
  • Logs are written for each host to indicate whether SSH was successfully enabled or not.

Stop SSH:

  • The script retrieves all ESXi hosts using Get-VMHost.
  • It checks for the SSH service (TSM-SSH) and stops it using Stop-VMHostService.
  • Logs are written for each host to indicate whether SSH was successfully stopped or not.

Error Handling:

  • Try-catch blocks are used to handle errors gracefully during connection and SSH enabling.

Disconnect from vCenter:

  • After operations are complete, the script disconnects from vCenter using Disconnect-VIServer.
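
Once troubleshooting is finished and the stop script has run, it is worth confirming that no host was left with SSH open. The following is an added example, not part of the original scripts: it reports whether TSM-SSH is running on each host and what its startup policy is, since Start-VMHostService and Stop-VMHostService change only the running state. It assumes the same credential file and the same <vCenter_Server_Name> placeholder as above; the variable names are illustrative.

```powershell
# Added example: report the SSH service state on every ESXi host.
$CredentialFilePath = "C:\vCenterCredentials.xml"   # same file the scripts above use
$vCenterServer = "<vCenter_Server_Name>"            # placeholder, as in the scripts above

if (-not (Test-Path $CredentialFilePath)) {
    Write-Host "Credential file not found at $CredentialFilePath. Please create the file first."
    return
}
$Credential = Import-CliXml -Path $CredentialFilePath

try {
    $server = Connect-VIServer -Server $vCenterServer -Credential $Credential -ErrorAction Stop
} catch {
    Write-Host "Failed to connect to vCenter: $($_.Exception.Message)"
    return
}

try {
    $report = foreach ($vmHost in Get-VMHost -Server $server) {
        $row = [ordered]@{ Host = $vmHost.Name; Running = $null; Policy = $null; Note = "" }
        try {
            $ssh = Get-VMHostService -VMHost $vmHost -ErrorAction Stop |
                Where-Object { $_.Key -eq "TSM-SSH" }
            if ($ssh) {
                $row.Running = $ssh.Running   # is the service up right now?
                $row.Policy  = $ssh.Policy    # startup policy: on, off or automatic
            } else {
                $row.Note = "SSH service not found"
            }
        } catch {
            # A host that cannot be queried is reported, not silently skipped
            $row.Note = "Query failed: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }

    $report | Sort-Object Host | Format-Table -AutoSize | Out-String | Write-Host

    # Hosts needing attention: SSH running, set to start with the host, or not checked
    $findings = @($report | Where-Object { $_.Running -or $_.Policy -eq "on" -or $_.Note })
    if ($findings.Count -gt 0) {
        Write-Warning "$($findings.Count) host(s) need review: $($findings.Host -join ', ')"
    } else {
        Write-Host "SSH is stopped and not set to start with the host on all hosts."
    }
} finally {
    Disconnect-VIServer -Server $server -Confirm:$false
}
```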
