The ESXi Shell gives us a subset of commands for troubleshooting and managing individual ESXi hosts. ESXi Shell can be useful to quickly investigate and resolve issues with single hosts, for example if management agents are unresponsive. This section will cover how to enable ESXi Shell, how to access the ESXi Shell, and how to use the ESXi Shell. It is important to remember that when the ESXi Shell and SSH services are enabled you are potentially opening up vulnerabilities to which attackers may be able to use maliciously. For this reason you will see a warning on any hosts in the web client when the ESXi Shell and / or SSH service is enabled. You can suppress the ESXi Shell warning by following this kb. Remember to disable the ESXi Shell when you have finished, it is also possible to configure time-outs when enabling the ESXi Shell; availability time-out to determine how long ESXi Shell is enabled for, and idle time-out to determine how long idle sessions are kept connected.
You can remotely manage multiple hosts using the vSphere Management Assistant, for more information see the vSphere Management Assistant Guide.
Enabling ESXi Shell
By default the ESXi Shell is disabled, it can be enabled using the DCUI or web client (local or vSphere).
- DCUI (Direct Console User Interface)
- Access the console of the ESXi host by plugging in a monitor and keyboard, or establishing a remote console session using remote server tools such as ILO, IMM, etc.
- Press F2 and enter the root password. Browse to Troubleshooting Options.
- Select ESXi Shell and press Enter to toggle between enabled and disabled. If you are going to access the Shell locally this is sufficient, for remote connections you must also enable SSH.
- Press Esc twice to exit out of the menus.
- ESXi host web client (standalone hosts v6.5 and above)
- Browse to the IP address of FQDN of the host and log in with the root password.
- From the Navigation menu select Manage, and open the Services tab.
- Locate and Start TSM for the ESXi Shell, and TSM-SSH for SSH if required.
- vSphere web client (hosts connected to vCenter Server)
- Browse to the IP address or FQDN of the vCenter Server and log in with an administrator account.
- Locate the host in the inventory and select the Configure tab.
- Scroll down to the Security Profile menu under System.
- Click Edit and start the Direct Console UI, ESXi Shell, and SSH services.
Access ESXi Shell
Once enabled, the ESXi Shell can be accessed locally using the DCUI or remotely over SSH.
- For DCUI access to the ESXi Shell press ALT + F1 from the ESXi console screen. Log in with the root password.
- For remote access open a connection over port 22 using an SSH client such as Putty, and log in with the root password.
Using ESXi Shell
The ESXi Shell contains the full range of esxcli and esxtop commands, as well as esxcfg for legacy purposes (although be aware that esxcfg is depreciated and may be phased out in future releases). The ESXi Shell is useful for performing maintenance and troubleshooting individual hosts, it cannot be used for scheduling scripting jobs. For managing multiple hosts and scripting use vSphere CLI (vCLI) either as a local installation or with the vSphere Management Assistant (vMA).
Have a look in /usr/sbin to view the available commands for the ESXi Shell; enter cd /usr/sbin and then ls. Note that commands are case sensitive.
esxtop is a powerful utility for examining ESXi host performance metrics and investigating performance issues. In the ESXi Shell enter esxtop with variables such as c for CPU, m for memory, n for network, and d for disk, read more in the Troubleshooting with ESXTOP post.
esxcli is a comprehensive set of commands for managing the vSphere environment. The command set is broken down into namespaces, to view the available namespaces use the esxcli command.
This propogates down the chain, for example use esxcli storage to view the options within the storage namespace. You can use –help at any level of esxcli for assistance.
You can view a full list of esxcli commands by entering esxcli esxcli command list. The screenshot below has been cropped and isn’t a full list, it may be beneficial to drill down through the relevant individual sections using the method outlined above.
As you can see the range of esxcli commands is vast, let’s take a look at a few examples.
- esxcli hardware allows us to view and change the physical server hardware information and configuration. Use esxcli hardware cpu global set to enable or disable hyperthreading.
- esxcli system allows us to view and change the ESXi system configuration. To enable or disable maintenance mode use esxcli system maintenanceMode set.
- esxcli storage can be used for storage related tasks, use esxcli storage core path list to view attached LUNs, or esxcli storage vmfs upgrade to upgrade VMFS.
- esxcli network allows us to perform network related tasks, use esxcli network vswitch standard to create a new standard virtual switch.
To exit the ESXi Shell use the exit command. Hopefully this post provides enough to get you started, if you are using ESXi Shell on a regular basis and want to view previously executed commands see this post by William Lam. For details on patching or upgrading ESXi from the command line see the ESXi Command Line Upgrades post.