SSH: Access the local monitor gui

SIGINT the window with Control+C to return to the SSH terminal.

# dcui

DNS: Add a DNS server to ESXi

# esxcli network ip dns server add --server=

DNS: Check ESXi server config

# esxcli network ip dns server list

Firewall: Show blocked and allowed services (true=allowed)

# esxcli network firewall ruleset list

Firewall: Allow to initiate an outgoing ssh client connection, from the ESXi:

# esxcli network firewall ruleset set --ruleset-id sshClient --enabled=true

Firewall: Deny to initiate an outgoing ssh client connection, from the ESXi:

# esxcli network firewall ruleset set --ruleset-id sshClient --enabled=false

Login Panel: Stop the Esxi vSphere web frontend management panel:

# /etc/init.d/rhttpproxy stop

SSH: Create public and private key on the ESXi server:
The key pair will be created in /.ssh and is not reboot persistent.
It is better to use the already existent keys under /etc/ssh or to move the newly generated keys there.
The keys in this folder are useable via ssh -i /etc/ssh/ root@$targetsystem

# /usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096

SSH Upload your SSH public Key to ESXi for passwordless login to ESXi (The folder is ESXi 6.7 and 7.0 reboot persistent). From your client maschine:

# scp /home/$myuser/.ssh/ root@$esxihostname:/etc/ssh/keys-root/authorized_keys
# Make sure, ESXi can read the uploaded file, otherwise ssh key login will fail.
# chown root:root /etc/ssh/keys-root/authorized_keys

SSH: Disable SSH password login on ESXi (this config is reboot persistent):
Do not forget to uncomment the “ChallengeResponseAuthentication no” line

# vi /etc/ssh/sshd_config
  ChallengeResponseAuthentication no
# /etc/init.d/SSH restart

SSH Server: Start the SSH server on ESXi 6.7 during boot up, automatically
From version ESXi 6.7, the SSH server wont start automatically, even if it was running before the reboot.
Change this via adding the following string vim-cmd hostsvc/enable_ssh to the file vi /etc/rc.local.d/


# local configuration options

# Note: modify at your own risk!  If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading.  Changes are not supported unless under direction of
# VMware support.

# Note: This script will not be run when UEFI secure boot is enabled.

vim-cmd hostsvc/enable_ssh
exit 0

ESXi ASH SHELL SETTINGS: Activate date and time of ESXi SSH history and how to use persistent aliases in ESXi shell: (All settings in this file do persist after an ESXi 6.7 reboot)

# vi /etc/profile.local
# alias history="tail -50 /var/log/shell.log"

Aliases example List all VMs / Start and stop VM by appending ID at the end of the power command
After a relogin you can:
Type in “list” without the quotes to get the $VMiD
Type in “stop $VMiD” without the quotes to kill VM with ID 1.
stop 1 will stop the VM with the $VMiD no.1 immediately

# vi /etc/profile.local
# alias list="vim-cmd vmsvc/getallvms"
# alias start="vim-cmd vmsvc/power.on "
# alias stop="vim-cmd vmsvc/ "
# alias running="vm-support --listvms"

Ip configuration: Show ESXi ip configuration (ifconfig |grep -v inet6 equivalent):

# esxcli network ip interface ipv4 get