Description: In ESXi 4.1, the root user is allowed to log in remotely (via SSH) to Tech Support mode. In an IT infrastructure company, it is not good practice to hand out root credentials for logging in to the host (ESXi 4.1). This article shows the administrator how to disable direct root login to the ESXi host and enable a non-root account to access Remote TS mode and su to the root console.
Step-by-step procedure:
Step 1. Create a user.
1. Log in to the host using the root account (enable Local TS mode).
2. From the console, type this command to add a user: # useradd (user name) -M -d /
(Note: the -d / switch gives the user the same root directory as the root user.)
Step 2
3. Change the password of the user (type this command in the console: # passwd (user name)). It will prompt for a password; enter the password for the user.
Step 3
Edit the /etc/passwd file (command: # vi /etc/passwd). The output looks like this.
Before editing: sshuser:x:501:501:Linux User,,,:/bin/sh
The highlighted line needs to be edited.
Edit the line so that it looks like this: sshuser:x:501:501:sshuser:/:/bin/ash
Step 5
# Use the VI Client or vCenter to log in to the ESX host
# Check that the user added in the console appears in the Local Users & Groups tab
It looks like this: 501 sshuser Linux,User
Step 6
# Go to the Permissions tab, right-click and choose Add Permission
# Select the user from the server and add the user
Change the user's rights to Administrator
The output looks like this
Step 7
# Log in to the server using the new user (sshuser)
Supply the user's credentials; you will get the user's $ prompt.
# The login screen looks like this
Type su - to switch to the root shell. It will ask for the root credentials; once they are accepted, you will get the # prompt.
Step 8
Step 9
# Try to log in to TS mode with the root user and credentials
Shell access is denied to the root user
You can add the root user at any later stage.
Enjoy :)
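A check for the Step 3 edit, added here as an example and not part of the original post: it validates the edited /etc/passwd line (seven fields, non-zero UID, home / and shell /bin/ash) before the file is saved, since a malformed entry can stop the new account from logging in. The function name check_passwd_line and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: validate one /etc/passwd line
# for the non-root SSH account before saving the file in vi.
# Assumptions: the function name and messages are hypothetical; the default
# home "/" and shell "/bin/ash" come from the edited line in Step 3.
check_passwd_line() {
    line=$1
    want_home=${2:-/}
    want_shell=${3:-/bin/ash}

    # A valid entry has exactly 7 fields separated by 6 colons.
    rest=$line
    fields=1
    while [ "$rest" != "${rest#*:}" ]; do
        rest=${rest#*:}
        fields=$((fields + 1))
    done
    if [ "$fields" -ne 7 ]; then
        echo "expected 7 fields, found $fields"
        return 1
    fi

    # Split on ':' only, so stray spaces typed around a field are preserved.
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$line
EOF

    case $uid in
        ''|*[!0-9]*) echo "UID is not numeric: '$uid'"; return 1 ;;
    esac
    if [ "$uid" -eq 0 ]; then
        echo "UID 0 makes '$name' a second root account"
        return 1
    fi
    if [ "$home" != "$want_home" ]; then
        echo "home is '$home', expected '$want_home'"
        return 1
    fi
    if [ "$shell" != "$want_shell" ]; then
        echo "shell is '$shell', expected '$want_shell'"
        return 1
    fi
    echo "ok: $name uid=$uid home=$home shell=$shell"
}

# Constructed sample lines, not copied from a real host.
check_passwd_line 'sshuser:x:501:501:sshuser:/:/bin/ash'
check_passwd_line 'sshuser:x:501:501:sshuser :/ :/bin/ash' || true
```

The second sample line fails because the spaces become part of the home field, which is why the entry has to be typed without any padding around the colons.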