PowerCLI: Enabling and Disabling SSH on vSphere hosts

image_pdfimage_print

I’m all about running PowerCLI to replace GUI management. Every once in a while there is a requirement to access the ESXCLI on my vSphere hosts, and this is a classic task that is a multi-click process and if you’re using the old 4.x or 5.0/5.1 web client, you may find the process very tedious.

PowerCLI to the Rescue

My suggestion is that the first window you should open up on your workstation each day, and that is the PowerCLI shell to do your VMware administrative work. Here is a great way to use that nifty little shell.

First, let’s walk through the process that we need to follow.

  1. Attach to your vCenter server
  2. Query your cluster to find the hosts
  3. On each host, enable SSH by starting the TSM-SSH service

On paper, it looks pretty easy. The surprising thing is that in PowerCLI it is just as easy as that 3 point list. Even more exciting is the fact that we are going to use the magic of the pipeline to create a one-liner for the whole process.

So for item number one you will most likely do this when you launch your PowerCLI shell. This is done with the Connect-VIServer CmdLet:

Connect-VIServer <yourvCenterHost>

stop-ssh

This will prompt you for credentials as you can see here:

auth

Now we are authenticated and we can move to step 2 which is to query the cluster. The Get-Cluster CmdLet is just what the doctor ordered:

Get-Cluster -name <yourclustername>

get-cluster

This returns the name of the cluster and nothing more. So let’s add in a pipe to a Get-VMHost CmdLet to get back a list of our vSphere hosts in that cluster:

Get-Cluster -name <yourclustername> | Get-VMHost

get-cluster-get-host

Alright, we have gotten to this point which is where it gets a little tricky. Now we have to turn on the TSM-SSH service on each host, but because we have our hosts in a pipeline, we need to get a little bit fancy.

Starting SSH with PowerCLI on One Host

We have to walk before we run, so the first thing we need to do is understand how to turn on SSH on one host, and then we can use that method to apply to each host from the query that we got from step 2.

This section has some challenges because we are going to do a Start-VMHostService using results from a Get-VMHostService using results from a Where clause query. That’s a bit weird sounding, so let’s just get to the code and it should make sense.

Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq “TSM-SSH” } )

Hopefully it makes sense when it’s written out like that. The command blocks are in parentheses which should help to differentiate each section. The great thing about PowerCLI and PowerShell is that you can run a CmdLet and pipe content into it from another query and you can even nest queries which is both awesome and confusing.

With our nice nested query in place, we just have to make this run for each of our hosts in the cluster that we queried. Hmmm…how would we do this for each of the hosts (HINT: The CmdLet is right there for us!)

Gluing it all together with our ForEach Loop – The Final One-Liner

The command line has come together easily now in bits and pieces. The last step is to put it all together into a single command line:

Get-Cluster | Get-VMHost | ForEach {Start-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq “TSM-SSH”})}

Make sure that you keep track of the opening and closing brackets there because some of them are curly and some are round brackets.

Let’s see the results!

enable-ssh

Reversing the Process to Stop the SSH Services

Using the very same logic, we can replace the Start-VMHostService CmdLet with the Stop-VMHostService CmdLet and the SSH services will be stopped which is the default configuration for our vSphere hosts.

Get-Cluster | Get-VMHost | ForEach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq “TSM-SSH”})}

One More Thing

columbo

If you ran the Stop-VMHostService one-liner you will notice that you are prompted in the shell to confirm the action for each host:

prompt

Assuming you know what it is that you are doing with this process, there is one simple parameter to drop into the command line on the Stop-VMHostService section which is -Confirm:$FALSE as we see here:

Get-Cluster | Get-VMHost | ForEach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where {$_.Key -eq “TSM-SSH”}) -Confirm:$FALSE}

stop-ssh

Now that we have that command together, we can start and stop SSH on our clustered hosts with ease. You can also do the same for a list of non-clustered hosts by removing the Get-Cluster and the first pipe symbol.

Happy SSH-ing!

DiscoPosse

People, Process, and Technology. Powered by Community!

You might also like

9 Comments

  • Graham
    December 23, 2013 at 10:38 am

    Thanks for this post. Please note that the last code example in which you pass the “confirm:$false”, you’ve actually got the start-VMHostService in it.

    • DiscoPosse
      Eric
      December 23, 2013 at 10:41 am

      Thanks Graham! I’ve updated the code block to match 🙂

  • Cheryl
    March 17, 2014 at 9:37 am

    Avoid the For loop altogether by taking advantage of the pipeline.
    Get-cluster | Get-VMhost | Get-VMHostService | Where-Object { $_.Key -eq “TSM-SSH”} | Start-VMHostService

    • DiscoPosse
      Eric
      March 17, 2014 at 10:51 am

      Very cool Cheryl! Thanks for this 🙂

    • Jordan
      March 3, 2017 at 5:01 pm

      Here is how you would do it so you only modify hosts that actually have it turned on as opposed to all hosts in the cluster regardless if service is on or not.

      Get-Cluster “NAME” | Get-VMHost | Get-VMHostService | Where {$_.Key -eq “TSM-SSH” -and $_.running -eq “true”} | Stop-VMHostService -Confirm:$false

  • Wojciech Marusiak
    May 30, 2014 at 5:31 am

    Really neat post. Great Job Eric!

    • DiscoPosse
      Eric
      May 30, 2014 at 8:56 pm

      Thanks!!

  • ian
    July 1, 2015 at 10:59 am

    brilliant! Thanks for sharing, saves me a world of mouse clicks!

LEAVE A COMMENT

Proudly Sponsored By

GC On-Demand

Subscribe to the Blog

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Upcoming events:

Archives