Change SSH port in VMware ESXi
We decided to consolidate our office network and we bought a new server with 32GB of memory and some new processor and motherboard. We will use this machine to run all the machines as VMs in VMware ESXi.
We decided to use another port for SSH, say… 222.
These are the steps to reconfigure VMware ESXi to have the SSH service listening on port 222:
0. You need to have console access to ESXi. For this, you can enable shell access and have a keyboard and monitor connected to the server, or you can use SSH (on the default port, 22, at the beginning). vSphere client also proved useful for administration.
1. In the console, edit the file “/etc/services”, changing the port for the SSH service, like this:
ssh 222/tcp # SSH Remote Login Protocol
ssh 222/udp # SSH Remote Login Protocol
2. Edit the configuration file of the SSH service, “/etc/ssh/sshd_config”: uncomment the “Port” directive and change the value to 222:
Port 222
3. Create a new file in the datastore:
vi /vmfs/volumes/datastore1/ssh222.xml
and add the following content:
<!-- Firewall configuration information -->
<ConfigRoot>
  <!-- SSH Port 222 -->
  <service id='1000'>
    <id>sshServer222</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>222</port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>222</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
4. Enable this settings file in the firewall by adding this code at the end of the file “/etc/rc.local”:
cp /vmfs/volumes/datastore1/ssh222.xml /etc/vmware/firewall/
/sbin/esxcli network firewall refresh
5. Reboot the server. If you are using vSphere client, go to the tab Configuration->Security Profile, check if the new firewall rule appears (of course, after reboot) and check if the SSH service is started by default (as it should be). If the new firewall rule is not enabled, enable it. You can disable the old (default) SSH rule in the firewall.
That’s it – you have ESXi with SSH access on port 222.
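Before the reboot in step 5, it helps to confirm that the three edited files agree on the port, since a mismatch between sshd_config and the firewall rule leaves SSH unreachable. The script below is an added example, not part of the original post: its function names are hypothetical, it assumes a POSIX shell with awk, and it runs here on constructed sample files abridged from steps 1-3.

```shell
#!/bin/sh
# Added example: checks that the files from steps 1-3 agree on one SSH port.
# Paths are arguments, so it can be run on copies; function names are hypothetical.

# Port of the "ssh <port>/tcp" entry in an /etc/services-style file.
services_port() {
    awk '$1 == "ssh" && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2; exit }' "$1"
}

# First uncommented Port directive in sshd_config; sshd listens on 22 if none is set.
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Ports of all inbound rules in the firewall XML (works on one-line or indented XML).
firewall_inbound_ports() {
    awk '{ buf = buf $0 }
         END { n = split(buf, r, "</rule>")
               for (i = 1; i <= n; i++)
                   if (r[i] ~ /<direction>inbound<\/direction>/ &&
                       match(r[i], /<port>[0-9]+<\/port>/))
                       print substr(r[i], RSTART + 6, RLENGTH - 13) }' "$1"
}

# check_ssh_port PORT SERVICES SSHD_CONFIG FIREWALL_XML -> 0 if all three match PORT.
check_ssh_port() {
    want=$1; rc=0
    [ "$(services_port "$2")" = "$want" ] || { echo "services: ssh/tcp is not $want"; rc=1; }
    [ "$(sshd_port "$3")" = "$want" ] || { echo "sshd_config: Port is not $want"; rc=1; }
    firewall_inbound_ports "$4" | grep -qx "$want" ||
        { echo "firewall: no inbound rule for port $want"; rc=1; }
    return $rc
}

# Constructed sample files, abridged from the snippets in steps 1-3.
make_samples() {
    printf 'ssh 222/tcp # SSH Remote Login Protocol\n' > "$1/services"
    printf '#Port 22\nPort 222\n' > "$1/sshd_config"
    printf '%s\n' "<ConfigRoot><service id='1000'><id>sshServer222</id>" \
        "<rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>" \
        "<porttype>dst</porttype><port>222</port></rule>" \
        "<enabled>true</enabled></service></ConfigRoot>" > "$1/ssh222.xml"
}

d=$(mktemp -d) && make_samples "$d"
check_ssh_port 222 "$d/services" "$d/sshd_config" "$d/ssh222.xml" && echo "port 222: consistent"
rm -rf "$d"
```

On a host, the same check would be called with the real paths from the steps above, for example the copy of ssh222.xml kept on the datastore.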
Nice howto.
I’m not in front of my ESXi hosts now, have to try this tomorrow.
The only thing I don’t get though, why the need to edit ‘/etc/services’??
It’s the whole point to change the port, right?
Details here: http://communities.vmware.com/message/1685198
Thanks, I can change the port.
Hi, can I use the same method for ESXi 5.5?
Is it necessary to reboot the server? 😉