Enabling root SSH login on an ESX host

Sure, there's KB 8375637 covering exactly that. In it we can read how to do this when we have physical access to the ESX host. But we don't, and we have only just set up our ESX host, so we don't have any other users available. But then there's KB 1317898, explaining how to change a forgotten root password on an ESX host. In short:
  • Reboot the ESX host
  • In the GRUB menu, scroll down to Troubleshooting mode and press "e" to edit and add "single" to the end of the kernel line. We may also add console=ttyS0,115200n8 to do this via a serial console.
  • Boot the ESX. We should now be in single-user mode with a root shell.
  • If so, we can allow sshd root-logins (and make a few more adjustments, while we're at it):
    $ sed 's/^PermitRootLogin.*/PermitRootLogin yes/' -i /etc/ssh/sshd_config
    
    $ grep kernel /boot/grub/grub.conf 
            kernel /vmlinuz [...] console=ttyS0,115200n8
            kernel /trouble/vmlinuz [...] trouble console=ttyS0,115200n8
    
    $ grep ttyS0 /etc/inittab
    S:2345:respawn:/sbin/agetty 115200 ttyS0
    
    $ grep ttyS0 /etc/securetty 
    ttyS0
    
  • Call sync(1) and reboot. We should now be able to log in locally (via a serial console) or via ssh. Yay! :-)
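The sed call above only rewrites an active line that starts with PermitRootLogin; if the directive is commented out or missing, it changes nothing and still exits successfully. The following is an added example, not part of the original post, that reports the value sshd will actually use and sets it in either case (also handy for switching it back to "no" once a regular user exists). The function names are hypothetical, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes "Keyword value" lines separated by whitespace (the "Keyword=value"
# form is not handled).

# Print the global PermitRootLogin value sshd will use from config file $1.
# sshd takes the first occurrence of a keyword, case-insensitively; lines
# after a Match line are conditional, so the scan stops there.
# "unset" means no global directive: sshd falls back to its built-in default.
effective_permit_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Set the global PermitRootLogin in file $1 to $2 and print the effective
# value afterwards. Rewrites the first active line if there is one; if the
# directive is only commented out or missing, it is added as line 1.
set_permit_root_login() {
    file=$1 value=$2
    tmp=$(mktemp) || return 1
    if [ "$(effective_permit_root_login "$file")" = "unset" ]; then
        { printf 'PermitRootLogin %s\n' "$value"; cat "$file"; } > "$tmp"
    else
        awk -v v="$value" '
            !done && tolower($1) == "permitrootlogin" {
                print "PermitRootLogin " v; done = 1; next
            }
            { print }
        ' "$file" > "$tmp"
    fi
    cat "$tmp" > "$file"    # overwrite in place: keeps owner and mode
    rm -f "$tmp"
    effective_permit_root_login "$file"
}
```
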
After booting, we will of course add our newly installed ESX host to our vCenter Server. Just after this has been done, a warning message is raised:
> esx01.local
> Warning
> Status of other host hardware objects
> 1/12/2011 1:25:31 AM
Huh? What is the status of "other host hardware objects"? After a bit of clicking around we navigate to the "Hardware Status" tab and there it is:
System Management Software 0 Event Logging: Log full,out of 94 sensors
Turns out, our SEL was full and needed to be cleared:
  ilom$ ipmi clear sel
When we "update" the hardware status page, the warning should be gone.

Copyright Infringement & Tor

Yes, I've blogged about this earlier. And now, almost a year after setting up a Tor exit-node, I've got my 5th Copyright infringement notice. Apparently I have infringed(?) upon:
  • 2010-03-16 - Harry Potter audio books
  • 2010-05-16 - Iron Man 2
  • 2010-09-29 - Eureka
  • 2010-12-24 - Despicable Me
  • 2011-01-03 - Naruto
  • 2011-01-05 - House MD
...to be continued?

Again, for the record: half of the stuff up there I didn't even know (and, in retrospect, I would've been happier to not have looked them up). Also, with the configured exit policy in place, BitTorrent downloads are not even possible. But how to explain this to a lawyer?

Update: OK, I'm giving in. After another notice only 2 days after the last one and only two weeks after the 4th notice, I've decided to run a bridge node. As I cannot use any of those good hints for running an exit node, I see no other choice than running a bridge. It's better than nothing, I guess :-\

$ diff torrc{.exit,}
19c19
< SocksListenAddress 192.168.0.106:9050
---
> SocksPort 0
24,25c24,25
< SocksPolicy accept 192.168.0.0/24
< SocksPolicy reject *
---
> # SocksPolicy accept 192.168.0.0/24
> # SocksPolicy reject *
168,169c168,169
< #BridgeRelay 1
< #ExitPolicy reject *:*
---
> BridgeRelay 1
> ExitPolicy reject *:*
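Review bot: in the 168,169 hunk, BridgeRelay 1 is switched on without any other change to the relay's identity or address in this diff, so the bridge starts on the host that was already published as an exit relay. An address that has appeared in the public relay list is easy to block, so consider starting the bridge with fresh identity keys (a new DataDirectory) and, where possible, a different IP address.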