SSH can’t be disabled on ESXi server

 

This is something I have come across a couple of times, but yet couldn’t find a lot on it when I searched – so I thought I would add to the search results.

Randomly, I will get an error when I go to stop the SSH service on an ESXi 5 server:

“Call ‘HostServiceSystem.Stop’ for object “serviceSystem7117” on vCenter Server Servername failed”

error

While the vSphere client shows that the service is stopped, the ESXi server still has an alert that SSH is enabled for the host.

still-shows-enabled

At this point, it doesn’t matter if you enable / disable – nothing is going to change. However, the fix is not all that bad.

Solution:

  • Log into the server via SSH (yes, it is still running).
  • change directory to /etc/vmware/service
    • cd /etc/vmware/service
  • Make a backup of the service.xml file
    • cp service.xml service.xml.backup
  • Edit the service.xml file, and remove the line that contains <ruleset>sshServer</ruleset>
    • vi service.xml
    • locate the line, and hit “dd” to remove the line
    • press “:” and then “wq” to save and exit vi
  • Refresh the network setting
    • esxcli network firewall refresh
  • Exit the SSH session
  • Go back to the configuration / Security section and click refresh

You can now go into the services and stop SSH.

stopped-but-not

source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2037544

 

 

 

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.