While checking out the PlanetV12n feed, I noticed a new video from David Davis about the new vSphere 4.1 Tech Support Mode. In the short video, David goes over the new method of enabling "hidden" unsupported Busybox Console, also known as Tech Support Mode. In the past, you had to be on the console of your ESXi host, type ALT+F1, and then "unsupported" to gain access. Once in, to enable remote SSH access or Remote Tech Support Mode, you had to edit /etc/inetd.conf and restart inetd service. This was pretty tedious if you needed access for a short period of time. In the video, David goes over the new method showing how it can be done using the DCUI and the old method is no longer required.
What surprised me after watching the video was that he did not mention the other method of enabling and disabling Tech Support Mode both local and remote. One issue I had with past releases of ESXi is that you could restart some services such as ntp or vmware-vpxa via the vSphere API, but others were just not available. In vSphere 4.1, VMware introduces a few new services around their Likewise Active Directory integration but also includes controlling both local and remote Tech Support Mode as well as DCUI itself.
These services can be enabled and disabled using the vSphere Client, here is a screenshot:
To enable or disable TSM, just click on the service and then click on options:
You will then have the option to configure the startup policy including enabling or disabling the service:
If you needed to perform this operation against one or two host, it is not that big of a deal. Though if you needed to enable remote Tech Support Mode (SSH access) across few dozen hosts, then can still be tedious. Luckily I wrote a script (hostServiceMangement.pl) last year that allowed you to enable and disable supported services using the vSphere API. Without any modifications, it supports vSphere 4.1 and can take advantage of the new services that are available for control.
Here is an example of listing the services on an ESXi 4.1 host:
Here is an example enabling remote Tech Support Mode:
Here is an example of disabling remote TSM:
The script can be executed on a host that has vCLI 4.1 installed or on vMA 4.1 and can bulk update a list of ESX/ESXi host or individual host. For more details, please check out the documentation for hostServiceManagement.pl.
Excellent, thank you. I'm trying to set up passwordless login from Windows 2008 to ESXi 4.1. On the W2K8 box using cygwin I did:
ssh-keygen -t rsa
cd ~/.ssh
ssh root@esxihost
mkdir /vmfs/volumes/datastore1/authorized_keys
scp id_rsa.pub esxihost:/vmfs/volumes/datastore1/authorized_keys
scp id_rsa.pub esxihost:/.ssh
I enabled SSH through the Security profile in vCenter, created the root password, and can manually ssh into and out of the host. I edited /etc/rc.local to include:
mkdir /.ssh
cp /vmfs/volumes/datastore1/authorized_keys/* /.ssh/
chmod -R 600 /.ssh
I've rebooted, but no matter what I try, I can't get passwordless login to work from the Administrator account on Windows into the root account on ESXi.
Any ideas?
Thanks.