VMware vSphere

A host was updated to ESXi 5 from version 4.
All GUI options give the impression that sshd is running but ps | grep sshd shows that it is not.
How can we start sshd manually in such a case ?

How did you do the ps? If you are still logged on did you try /etc/init.d/SSH restart of /etc/init.d/SSH start ?

doing that gives the answer
SSH login enabled

but does not change anything - sshd is still not running

@ aravinds
that kb does not apply to esxi5

Hi

can you find the 22 port in th output of the command

# netstat -ant |grep 22

if 22 port is availabe it means another process is using the same port. Please shutdown the process and restart the service and enjoy.

thanks for the suggestion but netstat does not exist in ESXi 5

anayway

telnet esxi5 22

executed on another host shows that nothing is listening on port 22

we found that
/etc/ssh/ssh_host_rsa_key and   /etc/ssh/ssh_host_dsa_key
are blank.
So the question now is how to generate new keys

Try to

vim-cmd hostsvc/enable_ssh

&

/etc/init.d/SSH start

(+)

Instead netstat :

esxcli network ip connection list | grep 22

thank you
I tried that on a test host and it does not create new keys

You can create new keys by using:

/usr/lib/vmware/openssh/bin/ssh-keygen -t dsa

/usr/lib/vmware/openssh/bin/ssh-keygen -t rsa

@ nielse
thank you - that should work
I can post the result tomorrow

Ok take a look at ks.cfg command for enabling ssh:

vim-cmd hostsvc/enable_ssh
vim-cmd hostsvc/start_ssh
vim-cmd hostsvc/enable_esx_shell
vim-cmd hostsvc/start_esx_shell

(from ESXi 5.0 and Scripted Installs)

key generation

/usr/lib/vmware/openssh/bin/ssh-keygen -q -t rsa1 -f /etc/ssh/ssh_host_rsa_key -C '' -N ''

but vim-cmd more preferable (from my point of view)

(+)

And more - on *nix system, if not exist ssh_host_rsa_key, then /etc/init.d/sshd recreated it. But in ESXi I don't see such functionality

The main problem is that vim-cmd will not regenerate the keys/files and therefor will fail.

So indeed playing with /usr/lib/vmware/openssh/bin/ssh-keygen will fix it :-)

The main problem is that vim-cmd will not regenerate the keys/files and therefor will fail.

Then i don't understand why execution ks.cfg create working sshd and local shell

continuum

And check file /etc/ssh/sshd_config

vim-cmd will just start/stop the services but it will not generate the needed key files. That is also why ssh-keygen is part of the ks.cfg, this will generate the keys which are needed :-)

Basicly vim-cmd is an alias to the init files which are also in /etc/init.d (even tho you SHOULD use vim-cmd).

Also keep in mind that ESXi runs on BusyBox which is a very light shell which explains why a lot of usefull commands won't work (for eg netstat).

Nielse - sshd is running again.
Thank you

Niels Engelen wrote:

Also keep in mind that ESXi runs on BusyBox which is a very light shell which explains why a lot of usefull commands won't work (for eg netstat).

There is actually (almost) netstat in the ESXi shell, however through the esxcli command.

See this blog post.

You can check this KB and see if it helps