Even if you have all the graphic tools that you want to manage your virtual environment, sometimes you still want to use command line utilities for maximum control or for something that isn’t really supported.

There are more than one way to enable SSH on your hosts. One of them is via the DCUI (Direct Console User Interface). One of the ways to do that remote is with SSH. Enabling SSH can be done from the GUI, but since that’s not the goal of PowerShell Friday we’re going to do this the PowerCLI way.

What is SSH

SSH, or Secure Shell, is a way to get into a ESXi or Linux host throug the network, so you can enter commands and get the output without entering your data center. SSH encrypts the connection so no clear text information is sent to and from the ESXi host.

Enabling SSH

If you want to enable SSH on all hosts in your vCenter, you can use the oneliner below.

Get-VMHost | Foreach {Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

If you want to filter which hosts you want to enable SSH on, specify them on the Get-VMHost:

Get-VMHost -Name MyHosts*| Foreach {Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

Check which hosts still have SSH enabled.

Get-VMHost | Get-VMHostService | Where { $_.Key -eq "TSM-SSH" } |select VMHost, Label, Running

By the way, if you were wondering what TSM stands for, it is “Technical Support Mode”.

Disabling SSH

If you want to disable SSH on all hosts still running SSH, you can use the following:

Get-VMHost | Foreach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

Shorter/faster

The oneliners I used above are retrieving the objects for hosts with Get-VMHost. After that they get processed by the Get-VMHostservice. The oneliner can be simplified by using the host directly in the Get-VMHostService cmdlet. It seems a little bit faster.

Get-VMHostService -VMHost "esx01.local" | Where-Object {$_.Key -eq "TSM-SSH"}

The reason that I’m still using the first method is that I really don’t know. I want to say that it is more logical than the latter, but it isn’t. “Getting the object for VMHost and then looping through it, feeding it through the Stop-VMHostService with parameters from Get-VMHostService to stop them” isn’t more logical than “Get the services from host esx01.local, select the SSH service and stop it”.

Get-VMHostService -VMHost * | Where-Object {$_.Key -eq "TSM-SSH" } | Stop-VMHostService

Works just as good as the first one.

What are you using?

Now I told you my oneliner, which version are you using or preferring? Please let me know in the comments section below.