ESX Virtualization

VMware ESXi, vSphere, VMware Backup, Hyper-V... how-to, videos....

How-to change default SSH port on ESXi 5 and make the change persistent after reboot

By | Last Updated:

Shares

How-to change default SSH port on ESXi 5 and make it persistent after reboots.

If you want to keep SSH to your ESXi hosts, but want to change the default SSH port (22) to non default port, there is a way to do it. For example you don't wan to have SSH on 22 but on 2222.

How to do it? What's the requirements?

01. You'll have to create an XML file which needs to be placed on persistent storage or VMFS volume. (/vmfs/volumes/).

02. Copy the xml file there. The volume can laid on shared storage so it'll be accessible by all your hosts. In my case /vmfs/volumes/freenas/ssh

The content of the xml file has to be like this:

<ConfigRoot>
<service>
<id>SSH 2222</id>
<rule id = ‘0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>2222</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>

03. Add these lines to the /etc/rc.local file:

cp location of xml file /etc/vmware/firewall
esxcli network firewall refresh

Where location of xml file is the location that the file was copied to in step 2.

Like this the new firewall configuration will be actively loaded and every time the host restarts it loads the custom firewall configuration.

04. Copy /etc/services to the storage (same location as the firewall rules are stored for example – my case).

How to configure ESXi 5 for different port on SSH

05. Edit the services file and change and change the port number for SSH.

06. Edit /etc/rc.local so the created files are copied back to host at boot time. Here is an example, those lines would be added at the end of the file:

#Copy the new firewall rule from vmfs place holder to file system
cp /vmfs/volumes/freenas/etc/ssh2222.xml  /etc/vmware/firewall/
#refresh firewall rules
esxcli network firewall refresh
#Copy the modified services file from vmfs place holder to file system
cp /vmfs/volumes/freenas/ssh/services /etc/services
#Restart inetd to get the changes
kill -HUP `cat /var/run/inetd.pid`

 

You'll have to reboot the host to validate the changes and test if everyting works.

Sources:

VMware KB User defined xml firewall configurations are not persistent across ESXi host reboots

VMware KB Changing the port used by SSH on an ESXi 5.0 host

 

Shares
Vote !

About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is as an Independent consultant, professional blogger, vExpert x12, Veeam Vanguard x7, VCAP-DCA/DCD, VCP, ESX Virtualization site has started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.

Comments

  1. DrEmmettBrown says

    Dear Vlatan ,

    Thank you for your post. let me fix ( maybe add) one thing.

    when you connect to your esxi with ssh you can’t edit /etc/services because it’s readonly.

    so you can change your startup script with this

    #Copy the new firewall rule from vmfs place holder to file system
    cp /vmfs/volumes/freenas/etc/ssh2222.xml /etc/vmware/firewall/
    #refresh firewall rules
    esxcli network firewall refresh
    #Copy the modified services file from vmfs place holder to file system

    #if we don’t delete /etc/services file it will stay same.. it’s ridiculous but true..but if we delete it #then it works.

    rm -rf /etc/services

    cp /vmfs/volumes/freenas/ssh/services /etc/services
    #Restart inetd to get the changes
    kill -HUP `cat /var/run/inetd.pid`

    Thanks

x