Issue:
PCI Compliance is knocking at the door and the SSH Service should not be enabled on the ESXi Hosts.
Goal:
- Stop the SSH Service for an ESXi Host in vSphere via PowerShell.
- Update the Policy of the Service to “Off”
Fix:
Connect to vCenter and stop the correct service and once the change is made, the Hostname and service status will be presented.
Connect-VIServer (vCenter Server Name)
Get-VMHost -Name (Hostname) | Get-VMHostService | Where-Object {$_.key -eq"TSM-SSH"} | Stop-VMHostService -confirm:$false | Set-VMHostService -Policy "off" -confirm:$false | Select VMHost,Key,Running,Policy
In-Depth Steps:
- Open PowerShell and connect to your vCenter Server.
-
Connect-VIServer (vCenter Server FQDN)
-
- Find the Key of the SSH Service so we can manipulate it.
-
- Get the list of Services for an ESXi Host and their Status
-
Get-VMHost -Name  (Hostname) | Get-VMHostService
-
-
- Label shows us “SSH”
-
- Now that we have our Key, we can toggle the Service On/Off
-
Get-VMHost -Name (Hostname) | Get-VMHostService | Where-Object {$_.key -eq"TSM-SSH"} | Stop-VMHostService
-
- Adding a comment so that there is no confirmation
-
Get-VMHost -Name (Hostname) | Get-VMHostService | Where-Object {$_.key -eq"TSM-SSH"} | Stop-VMHostService -confirm:$false
-