Enable shell access to the VCH Endpoint VM
You can use the
vic-machine debug command to enable shell access to a virtual container host (VCH) endpoint VM by setting a root password on the VM. Setting a root password enables access to the VCH endpoint VM via the VM console only. If you require SSH access to the VCH endoint VM, rather than just shell access, see Authorize SSH Access to the VCH Endpoint VM.
IMPORTANT: Any changes that you make to a VCH by using
vic-machine debug are non-persistent and are discarded if the VCH endpoint VM reboots.
In addition to the Common
vic-machine debug provides the
You must specify the vSphere target and its credentials, either in the
--targetoption or separately in the
The credentials that you provide must have the following privilege on the endpoint VM:
Virtual machine.Guest Operations.Guest Operation Program Execution
You must specify the ID or name of the VCH to debug.
- You might need to provide the thumbprint of the vCenter Server or ESXi host certificate. Use upper-case letters and colon delimitation in the thumbprint. Do not use space delimitation.
- You enable shell access by specifying a password for the root user on the VCH endpoint VM in the
--rootpwoption. Setting a password on the VCH allows you to access the VCH by using the VM console. If you also set the
--enable-sshoption, you can use this password to connect to the VCH by using SSH. Wrap the password in quotes if it includes shell characters such as
- When you use the password to log in to a VCH, you see the message that the password will expire in 0 days. To obtain a longer expiration period, use the Linux
passwdcommand in the endpoint VM to set a new password. If the password expires, the VCH does not revert to the default security configuration from before you ran
vic-machine debug. If you attempt to log in using an interactive password via the terminal or SSH, you see a prompt to change the password. If you are using an SSH key, you cannot log in until you either change the password or run
This example sets a password to allow shell access to the VCH.
$ vic-machine-operating_system debug --target vcenter_server_or_esxi_host_address --user vcenter_server_or_esxi_host_username --password vcenter_server_or_esxi_host_password --id vch_id --thumbprint certificate_thumbprint --rootpw 'new_p@ssword'
The output of the
vic-machine debug command includes confirmation that SSH access is enabled:
### Configuring VCH for debug #### [...] SSH to appliance: ssh root@vch_address [...] Completed successfully