VMware is moving its vCenter Server from Windows to the Photon-based Linux operating system. When working with vCenter Server Appliance 6.7, the following tips and tricks may be useful to you:
- Enable SSH
- File Transfer with SCP / SFTP
- Public Key Authentication
- Disable or Increase Shell Session Timeout
- Password expiration
- Reset vCenter Server Appliance 6.7 root password
- Create a Backup Job
- Certificate Warning
Enable SSH
SSH access is needed to troubleshoot vCenter and ESXi. SSH access to vCenter Server is disabled by default, but it can be activated in the appliance's wizard. To activate SSH afterwards, use the DCUI (Troubleshooting options), Appliance Management, or the vSphere Web Client:
Web Client> Administration> Deployment> System Configuration> Nodes> vCenter> Manage> Settings> Access
Appliance Management (https://[VCENTER]:5480/)> Access
After connecting to vCSA through Appliance Shell, you can see SSH settings.
File Transfer with SCP / SFTP
To transfer files between your computer and the vCSA, WinSCP or similar tools are commonly used. If you connect with the default configuration, you will receive the following error message, because the root user is configured to use the Appliance Shell by default.
Received too large SFTP packet. Max supported packet size is 1024000 B. Cannot initialize SFTP Protocol. Is this host running an SFTP Server
To be able to connect with WinSCP, the default shell must be set to /bin/bash:
# chsh -s "/bin/bash" root
If you want to undo this change later and re-enable the Appliance Shell, change the default shell back to /bin/appliancesh:
# chsh -s /bin/appliancesh root
Public Key Authentication
When working with Linux, you usually use SSH keys instead of the login password. Public key authentication is an authentication method that uses a public/private key pair and allows login without entering a password. The vCSA 6.7 already has a predefined authorized_keys file. Just add your key by editing the file with vi or by appending it with echo:
echo "ssh-rsa AAAAB [....] fgrehl" >> /root/.ssh/authorized_keys
Now you should be able to connect to the vCSA with your key. Note that you cannot use the Appliance Shell without entering your key.
Disable or Increase Shell Session Timeout
As a security feature, you are automatically logged out after 15 minutes of inactivity. You can see the current setting with echo $TMOUT. The value is in seconds (900 seconds = 15 minutes).
root@vc [~]# echo $TMOUT
To change the timeout, edit /etc/profile.d/tmout.sh as follows:
- Open tmout.sh with the editor.
- Change the value in the TMOUT=900 line to the desired value.
- Save and close the file.
- Log out and log in again.
If you want to remove this feature completely, delete the tmout.sh script.
root@vc [~]# rm /etc/profile.d/tmout.sh
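The three sections above change the root login shell, the keys accepted for root, and the shell idle timeout. The following read-only check reports those settings so the changes can be tracked and reverted; it is an added example, not part of the original article, and the names audit_vcsa and make_sample as well as the optional directory argument are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: read-only audit of the settings changed in this article.
# audit_vcsa and make_sample are hypothetical names. Pass a directory to
# audit a copy of the files; with no argument the live paths are read.
audit_vcsa() {
    local root="${1:-}" findings=0 shell tmout
    local keyfile="$root/root/.ssh/authorized_keys"

    # 1. Root login shell: the appliance default is /bin/appliancesh.
    shell=$(awk -F: '$1 == "root" { print $7 }' "$root/etc/passwd" 2>/dev/null || true)
    if [ "$shell" != "/bin/appliancesh" ]; then
        echo "FINDING root shell is '${shell:-unknown}', not /bin/appliancesh"
        findings=$((findings + 1))
    fi

    # 2. Idle timeout: tmout.sh deleted, or TMOUT set to 0 or above 900 s.
    tmout=$(grep -v '^[[:space:]]*#' "$root/etc/profile.d/tmout.sh" 2>/dev/null |
            grep -Eo 'TMOUT=[0-9]+' | tail -n 1 | cut -d= -f2)
    if [ -z "$tmout" ] || [ "$tmout" -eq 0 ] || [ "$tmout" -gt 900 ]; then
        echo "FINDING shell idle timeout is '${tmout:-not set}', default is 900"
        findings=$((findings + 1))
    fi

    # 3. Keys that can log in as root: print first field and comment for review.
    if [ -s "$keyfile" ]; then
        echo "REVIEW keys accepted for root in $keyfile:"
        awk '!/^[[:space:]]*#/ && NF { print "  " $1, $NF }' "$keyfile"
    fi
    return "$findings"
}

# Constructed sample tree mirroring the article's changes (bash shell for
# root, tmout.sh deleted, one key appended). The key is not a real key.
make_sample() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/etc/profile.d" "$d/root/.ssh"
    echo 'root:x:0:0:root:/root:/bin/bash' > "$d/etc/passwd"
    echo 'ssh-rsa AAAAB3constructed admin@laptop' > "$d/root/.ssh/authorized_keys"
    echo "$d"
}

sample=$(make_sample)
audit_vcsa "$sample" || echo "findings: $?"
rm -rf "$sample"
```

The return status of audit_vcsa is the number of findings, so it can be used in a scheduled check; on the appliance, call it with no argument to read the live files.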
Password expiration
For passwords there are, by default, two authentication sources to consider. The root user password is configured in Appliance Management, and all SSO users expire after 90 days.
To configure password expiration, use the following paths:
Appliance Management (https://[VCENTER]:5480/)> Administration> Password expiration settings
SSO Users (e.g. email@example.com):
Web Client> Administration> Single Sign-On> Configuration> Policies
Reset vCenter Server Appliance 6.7 root password
Follow the steps below to reset the root user password of the vCenter Server Appliance (vCSA). The method is similar to the one for the previous version (vCenter 6.5). It is officially provided by VMware; for further details, see the documentation in KB2147144.
- Take a snapshot of vCSA so you can go back in case of any problems with password recovery.
- Connect via the remote console to the ESXi host that runs vCSA.
- Reboot the vCSA.
- Immediately after the system starts, press the E key (when the Photon screen appears).
- Append rw init=/bin/bash to the end of the line that starts with linux.
- Press F10 to boot the system.
- At the command prompt, enter passwd and enter the new root password twice.
- Enter the command umount / to unmount the file system.
- Reboot the vCSA by running the reboot -f command.
- Finally, check that you can log in with the new password and delete the snapshot from step 1.
Create a Backup Job
Do not forget to back up your vCenter Server Appliance. The Appliance has an internal backup scheduler that allows you to backup without any other software.
Open Appliance Management (https://[VCENTER]:5480) and follow the path below:
Choose one method (FTP, FTPS, HTTP, HTTPS or SCP) and your schedule and policy for the backup.
Certificate Warning
To get rid of your browser's certificate warnings, you need to add the VMCA root certificate to your local trusted root certificates. You can download the certificate from your vCenter website and then install it: