vSphere 6.0 Client Shell and Password Notes
Shell Access
Alt-F1 - Local console shell access.
(If ID is locked out, you will have to wait for access or use another admin ID to unlock it.)
Instead of getting to the bash shell prompt, you arrive at a special appliance shell.
To enable for a 1 hour period, follow the instructions on screen and do:
> shell.set --enabled True
> shell
# ...
Note: You can see how much time you have left in the shell with the command shell.get.
You can enable SSH all the time, but only do that if the appliance is not connected to the Internet.
You can enable from the console start screen under <F2>.
You can enable it from the vSphere Web Client at:
System Configuration --> Notes --> Manage --> Settings --> Access.
Passwords
Passwords are controlled by the Password Policy.
(Administration --> Single Sign-On --> Configuration --> Policies (tab) --> Password Policy (tab) )
Create a new policy after deploying your new appliance. Because special characters can occasionally cause issue, you may or may not want to enforce them.
Password lockouts are controlled by the password Lockout Policy.
e.g. 5 failed logins, within 180 seconds, will have lockout of 3600 seconds/ 1hr
(Administration --> Single Sign-On --> Configuration --> Policies (tab) --> Lockout Policy (tab) )
If you are in the shell, you can check the root password's expiration:
# chage -l root
To disable expiration, you could do:
# chage -M -1 root
The system sends an e-mail regarding an expiring password 1 week before. Give a e-mail address to a login to make use of this feature:
(Note: This is in the appliance shell.)
> user.set --username root --email yourmail@somewhere.org
Certificates
vSphere 6 now creates its own CA root certificate. You can now copy it off the vSphere appliance and deploy it as a root to your corporate web browsers.
The file is at:
/var/lib/vmware/vmca/root.cer
previous page
|