Change SSH port in VMware ESXi

March 19, 2012

We decided to consolidate our office network and we bought a new server with 32GB of memory and some new processor and motherboard. We will use this machine to run all the machines as VMs in VMware ESXi.
We decided to use another port for SSH, say… 222.

These are the steps to reconfigure VMware ESXi to have the SSH service listening on port 222:

0. You need to have console access to ESXi. For this, you can enable shell access and have a keyboard and monitor connected to the server, or you can use SSH (on the default port, 22, at the beginning). vSphere client also proved useful for administration.

1. In the console, edit the file “/etc/services”, changing the port for the SSH service, like this:

ssh 222/tcp # SSH Remote Login Protocol
ssh 222/udp # SSH Remote Login Protocol

2. Edit the configuration file of the SSH service, “/etc/ssh/sshd_config”: uncomment the “Port” directive and change the value to 222:

Port 222

3. Create a new file in the datastore:

vi /vmfs/volumes/datastore1/ssh222.xml

and add the following content:

<!-- Firewall configuration information -->
<ConfigRoot>

        <!-- SSH Port 222 -->
        <service id='1000'>
                <id>sshServer222</id>
                <rule id='0000'>
                        <direction>inbound</direction>
                        <protocol>tcp</protocol>
                        <porttype>dst</porttype>
                        <port>222</port>
                </rule>
                <rule id='0001'>
                        <direction>outbound</direction>
                        <protocol>tcp</protocol>
                        <porttype>dst</porttype>
                        <port>222</port>
                </rule>
                <enabled>true</enabled>
                <required>false</required>
        </service>

</ConfigRoot>

4. Enable this settings file in the firewall by adding this code at the end of the file “/etc/rc.local”:

cp /vmfs/volumes/datastore1/ssh222.xml /etc/vmware/firewall/
/sbin/esxcli network firewall refresh

5. Reboot the server. If you are using vSphere client, go to the tab Configuration->Security Profile, check if the new firewall rule appears (of course, after reboot) and check if the SSH service is started by default (as it should be). If the new firewall rule is not enabled, enable it. You can disable the old (default) SSH rule in the firewall.

That’s it – you have ESXi with SSH access on port 222.
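A consistency check for steps 1 to 4, as an added example that is not part of the original post: it reads the three edited files and reports any that do not name the chosen port, which catches the case where sshd has moved but the firewall rule was never loaded. The function names and the ROOT prefix argument are assumptions made for the example, and the XML parser assumes one element per line, as in the file above; run it once the rc.local commands have executed.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that sshd_config,
# /etc/services and the custom firewall rule all name the same SSH port.
# ROOT is a hypothetical prefix so the check can run on a copy of the files.

sshd_ports() {        # every uncommented "Port N" line; sshd defaults to 22
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

services_tcp_port() { # port from the "ssh N/tcp" line
    awk '$1 == "ssh" && $2 ~ /\/tcp$/ { sub(/\/tcp$/, "", $2); print $2 }' "$1"
}

fw_inbound_tcp_ports() { # assumes one element per line, as in the XML above
    awk '
        /<rule[ >]/   { dir = ""; proto = ""; port = "" }
        /<direction>/ { dir = $0;   gsub(/.*<direction>|<\/direction>.*/, "", dir) }
        /<protocol>/  { proto = $0; gsub(/.*<protocol>|<\/protocol>.*/, "", proto) }
        /<port>/      { port = $0;  gsub(/.*<port>|<\/port>.*/, "", port) }
        /<\/rule>/    { if (dir == "inbound" && proto == "tcp") print port }
    ' "$@" 2>/dev/null
}

check_ssh_port() {    # usage: check_ssh_port ROOT PORT; returns 0 when all agree
    root=$1; want=$2; rc=0
    sshd_ports "$root/etc/ssh/sshd_config" | grep -qx "$want" ||
        { echo "sshd_config: no 'Port $want' line"; rc=1; }
    [ "$(services_tcp_port "$root/etc/services")" = "$want" ] ||
        { echo "services: ssh/tcp is not $want"; rc=1; }
    fw_inbound_tcp_ports "$root"/etc/vmware/firewall/*.xml | grep -qx "$want" ||
        { echo "firewall: no inbound tcp rule for $want"; rc=1; }
    return $rc
}

make_sample() {       # constructed sample files mirroring steps 1-4
    mkdir -p "$1/etc/ssh" "$1/etc/vmware/firewall"
    echo "Port 222" > "$1/etc/ssh/sshd_config"
    echo "ssh 222/tcp # SSH Remote Login Protocol" > "$1/etc/services"
    printf '%s\n' "<ConfigRoot>" "<service id='1000'>" "<id>sshServer222</id>" \
        "<rule id='0000'>" "<direction>inbound</direction>" \
        "<protocol>tcp</protocol>" "<porttype>dst</porttype>" "<port>222</port>" \
        "</rule>" "<enabled>true</enabled>" "</service>" "</ConfigRoot>" \
        > "$1/etc/vmware/firewall/ssh222.xml"
}

demo=$(mktemp -d); make_sample "$demo"
check_ssh_port "$demo" 222 && echo "port 222 is consistent"
rm -rf "$demo"
```

On a live host the call would be `check_ssh_port "" 222`, so that the paths resolve to the real files.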


4 Responses to “Change SSH port in VMware ESXi”

  1. Nice howto.

    I’m not in front of my ESXi hosts now, have to try this tomorrow.

    The only thing I don’t get though, why the need to edit ‘/etc/services’??

  2. It’s the whole point to change the port, right?
    Details here: http://communities.vmware.com/message/1685198

  3. Thanks, I can change the port.

  4. Hi, can I use the same method for ESXi 5.5?

    Is it necessary to reboot the server? 😉
