Skip to main content

Enabling root SSH login on an ESX host

Sure, there's KB 8375637 covering exactly that. In it we can read how to do this when we have physical access to the ESX host. But we don't and we have just setup our ESX host, so we don't have any other users available. But then there's KB 1317898, explaining how to change a forgotten root password on an ESX host. In short:

  • Reboot the ESX host
  • In the GRUB menu, scroll down to Troubleshooting mode and press "e" to edit and add "single" to the end of the kernel line. We may also add console=ttyS0,115200n8 to do this via a serial console.
  • Boot the ESX. We should now be in single-user-mode with a root shell.
  • If so, we can allow sshd root-logins (and make a few more adjustments, while we're at it):
    $ sed 's/^PermitRootLogin.*/PermitRootLogin yes/' -i /etc/ssh/sshd_config
    
    $ grep kernel /boot/grub/grub.conf 
            kernel /vmlinuz [...] console=ttyS0,115200n8
            kernel /trouble/vmlinuz [...] trouble console=ttyS0,115200n8
    
    $ grep ttyS0 /etc/inittab
    S:2345:respawn:/sbin/agetty 115200 ttyS0
    
    $ grep ttyS0 /etc/securetty 
    ttyS0
    
  • Call sync(1) and reboot. We should now be able to login locally (via a serial console) or via ssh. Yay! :-)
After booting, we will of course add our newly installed ESX host to our vCenter Server. Just after this has been done, an warning message is raised:
> esx01.local
> Warning
> Status of other host hardware objects
> 1/12/2011 1:25:31 AM
Huh? What is the status of "other host hardware objects"? After a bit of clicking around we navigate to the "Hardware Status" tab and there it is:
System Management Software 0 Event Logging: Log full,out of 94 sensors
Turns out, our SEL was full and needed to be cleared:
  ilom$ ipmi clear sel
When we "update" the hardware status page, the warning should be gone.