Enable shell access to the VCH Endpoint VM
You can use the vic-machine debug
command to enable shell access to a virtual container host (VCH) endpoint VM by setting a root password on the VM. Setting a root password enables access to the VCH endpoint VM via the VM console only. If you require SSH access to the VCH endoint VM, rather than just shell access, see Authorize SSH Access to the VCH Endpoint VM.
IMPORTANT: Any changes that you make to a VCH by using vic-machine debug
are non-persistent and are discarded if the VCH endpoint VM reboots.
In addition to the Common vic-machine
Options, vic-machine debug
provides the --rootpw
, --enable-ssh
and --authorized-key
options.
You must specify the vSphere target and its credentials, either in the
--target
option or separately in the--user
and--password
options.The credentials that you provide must have the following privilege on the endpoint VM:
Virtual machine.Guest Operations.Guest Operation Program Execution
You must specify the ID or name of the VCH to debug.
- You might need to provide the thumbprint of the vCenter Server or ESXi host certificate. Use upper-case letters and colon delimitation in the thumbprint. Do not use space delimitation.
- You enable shell access by specifying a password for the root user on the VCH endpoint VM in the
--rootpw
option. Setting a password on the VCH allows you to access the VCH by using the VM console. If you also set the--enable-ssh
option, you can use this password to connect to the VCH by using SSH. Wrap the password in quotes if it includes shell characters such as$
,!
or%
.--rootpw 'new_p@ssword'
- When you use the password to log in to a VCH, you see the message that the password will expire in 0 days. To obtain a longer expiration period, use the Linux
passwd
command in the endpoint VM to set a new password. If the password expires, the VCH does not revert to the default security configuration from before you ranvic-machine debug
. If you attempt to log in using an interactive password via the terminal or SSH, you see a prompt to change the password. If you are using an SSH key, you cannot log in until you either change the password or runvic-machine debug
again.
Example
This example sets a password to allow shell access to the VCH.
$ vic-machine-operating_system debug --target vcenter_server_or_esxi_host_address --user vcenter_server_or_esxi_host_username --password vcenter_server_or_esxi_host_password --id vch_id --thumbprint certificate_thumbprint --rootpw 'new_p@ssword'
Output
The output of the vic-machine debug
command includes confirmation that SSH access is enabled:
### Configuring VCH for debug #### [...] SSH to appliance: ssh root@vch_address [...] Completed successfully