We all know that we can enable SSH and the ESXi shell from within the vSphere client or through the DCUI. This is a great feature that lets us get into the ESXi command space and run things like esxtop, esxcli commands, etc… Problem being, that once these shells are enabled we get that pesky shell/SSH warning displayed in our vSphere client, as well, that all too familiar yellow triangle gets labeled on our host. Now, I don't like seeing any warnings on my hosts, especially those dealing with something as minor as SSH. Good thing is, there is a very easy way to remove or suppress these warnings.
First off, the advanced configuration setting to do this is located in the software section under 'Advanced Settings'->UserVars->UserVars.SuppressShellWarning'. By default this setting will be set to 0, meaning display the warning. To hide it, simply set this option to 1.
There you go! Easy enough… if you only have one host! But what if you had multiple clusters full of multiple hosts…. well, that's where PowerCLI comes into play. First off, connect to your vCenter server using the Connect-VIServer servername CMDLET. Once connected, the following command will loop though a given cluster and modify the setting on every host…
foreach ($esxhost in get-VMHost -Location CLUSTERNAME ) { $esxhost | Set-VMHostAdvancedConfiguration -Name UserVars.SuppressShellWarning -Value 1 }
And there you go! A happy, non warning triangle life for you!
Not sure I’d label the warning as “pesky” outside of a lab environment – good to know when an Admin has left SSH access open. Do you leave this on all the time?
Had a similar discussion with Gabrie van Zanten back in October on the same subject.
http://wahlnetwork.com/2011/10/30/removing-tech-support-esxi-shell-host-warnings-on-vsphere-4-1u2-or-later/
True enough, its very useful when having multiple administrators who are poking around at things. I do not leave SSH open all the time, at the very most maybe a day. Pesky may have been a harsh word, the visual alerts just drive me a little insane when it’s a known configuration setting. That being said, I guess it does help protect ME from MYSELF 🙂 Thanks for the comment. And thanks for the post link as well, I had no idea you could use a * in PowerCLI to encapsulate all hosts 🙂