setting up SSH on ESXi v8 nodes

warning // lessons learned

edwards-curve (ed25519) key auth is still not supported when FIPS is enabled, as of ESXi v8 (aug 2025)

therefore, you –either– need to disable FIPS

    esxcli system security fips140 ssh get
    esxcli system security fips140 ssh set -e false

–or– simply use bad old RSA
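
pre-flight check for the caveat above, as an added example (not part of the original note): given the output of the `fips140 ssh get` command and the contents of an authorized_keys file, it lists the ed25519 entries that will not work while FIPS is on. assumption: the get command prints a line of the form `Enabled: true` or `Enabled: false`; function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original note.
# Assumption: the "get" command prints a line like "Enabled: true".

# Constructed sample input (not captured from a real host).
SAMPLE_FIPS_ON='   Enabled: true'
SAMPLE_FIPS_OFF='   Enabled: false'
SAMPLE_KEYS='# constructed authorized_keys sample
ssh-rsa AAAAB3NzaC1yc2EXAMPLE alice@admin-ws
ssh-ed25519 AAAAC3NzaC1lZDI1EXAMPLE bob@laptop
from="192.0.2.10" ssh-ed25519 AAAAC3NzaC1lZDI1EXAMPLE2 backup@jump'

# fips_state OUTPUT -> prints "on", "off" or "unknown"
fips_state() {
    case $(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Enabled:[[:space:]]*//p' | head -n 1) in
        true)  echo on ;;
        false) echo off ;;
        *)     echo unknown ;;
    esac
}

# ed25519_entries KEYS -> one "line N: comment" per ssh-ed25519 entry.
# Every field is scanned so entries with leading options are caught too.
ed25519_entries() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ || NF == 0 { next }
        { for (i = 1; i < NF; i++)
              if ($i == "ssh-ed25519") { print "line " NR ": " $NF; break } }'
}

# preflight FIPS_OUTPUT KEYS -> 0 = fine, 1 = keys FIPS will refuse, 2 = unknown
preflight() {
    case $(fips_state "$1") in
        off)     echo "fips off: ed25519 keys usable"; return 0 ;;
        unknown) echo "could not parse fips state"; return 2 ;;
    esac
    hits=$(ed25519_entries "$2")
    [ -z "$hits" ] && { echo "fips on: no ed25519 keys found"; return 0; }
    echo "fips on: these keys will not authenticate (use RSA or disable FIPS):"
    echo "$hits"
    return 1
}

# Demo on the constructed samples; "|| :" keeps the script's exit status at 0.
preflight "$SAMPLE_FIPS_ON" "$SAMPLE_KEYS" || :
```
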

enable at boot-time

–either– from the web ui

(select the esxi node)
Configure tab
System / Services

SSH --> start & enable with host

–or– using the cli

    vim-cmd hostsvc/enable_ssh

–or– dirty style

    vi /etc/rc.local.d/local.sh

and add the line

    /etc/init.d/SSH start

also get rid of the ssh warning in the web ui

    vim-cmd hostsvc/advopt/update UserVars.SuppressShellWarning long 1

usage

once TSM-SSH service is enabled, connect as root

    ssh esxi-node -l root

additional notes

further configurations

    esxcli system ssh server config list

resources

cli & fips

https://knowledge.broadcom.com/external/article/383999/how-to-enable-fips-in-vsphere-environmen.html ==> how to disable fips

FW https://williamlam.com/2024/10/quick-tip-ssh-server-client-authorized-key-configurations-for-esxi-7-0-update-1-and-later.html ==> esxcfg usage, fips vs no fips

boot-time

https://knowledge.broadcom.com/external/article/324525/modifying-the-rclocal-or-localsh-file-in.html

ssh warning

https://knowledge.broadcom.com/external/article/367599/warning-for-shell-and-ssh-being-enabled.html

deprecated

https://woshub.com/ssh-key-based-auth-vmware-esxi/ ==> deprecated, there’s no standalone sshd_config anymore


Licensed under MIT