Friday, 22 July 2016

Creating A Local User And Granting Shell Access In ESXi 6.0

From ESXi 6.0 onward, if you log in to the ESXi host directly from the vSphere Client, you no longer have the option to specify Shell Access when creating a local user. The screen that you will see when creating a new user is:


If you create this user and then log in over SSH with PuTTY, you get an "Access denied" message.
The access.conf file should be updated automatically once a user is created. Since it is not, perhaps due to security enhancements, a little manual tweaking is needed.

Note: Please test this in your lab before you implement it in production. All the steps were carried out in a non-production environment.

What you need to do is:

1. Create the user locally from the above wizard.
2. Log in to that ESXi host over SSH.
3. Change the directory to:
# cd /etc/security
4. This directory contains a file called access.conf. Back up the file before editing, then open it with the vi editor:
# vi access.conf

The contents look like this:


5. Add your user to the file in the following format:
+:<username>:ALL
6. Save the file.
7. Restart the SSH session.
8. Now you can log in to your ESXi host with the local user.
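
Steps 3 to 6 as a repeatable function, added here as an example and not part of the original post. The name grant_shell_access is hypothetical, and the script assumes the file follows pam_access first-match ordering, so the new allow line is placed above a catch-all "-:ALL:ALL" rule if one exists (the original screenshot of the file is not available, so that layout is an assumption).

```shell
#!/bin/sh
# Added example (not from the original post).
# grant_shell_access FILE USER  -- hypothetical helper name.
# Usage on the host: grant_shell_access /etc/security/access.conf <username>
grant_shell_access() {
    file=$1
    user=$2

    # Accept only plain account names: a ':' or whitespace in the name
    # would change the meaning of the rule line.
    case $user in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid username" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    rule="+:$user:ALL"

    # Idempotent: if the exact rule is already there, change nothing.
    if grep -qxF -e "$rule" "$file"; then
        return 0
    fi

    # Step 4 of the post: back up before editing.
    cp -p "$file" "$file.bak" || return 1

    # Assumption: rules are matched top to bottom and the first match wins,
    # so insert the allow rule before a catch-all deny; append otherwise.
    tmp="$file.tmp.$$"
    awk -v rule="$rule" '
        !placed && /^-[ \t]*:[ \t]*ALL[ \t]*:[ \t]*ALL[ \t]*$/ { print rule; placed = 1 }
        { print }
        END { if (!placed) print rule }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the original owner and permissions are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

In pam_access syntax the third field is the list of origins, so ALL permits this user to log in from any source.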

This user has shell access but not root access. If I run any command to list the details of the devices connected to this host, it displays the following:


Well that's pretty much it.