Is the SSH-Service on your ESXi disabled?

Is the SSH-Service on your ESXi disabled?

Comments 0 Comment

In times like these, where daily security leaks are published, it’s time to check some basics.

Run the following PowerCLI Script to see if the SSH-Service is running and disable it!

#List Hosts into Array
$arr = @()
$arr = (Get-VMHost * | Foreach {($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"})} | select VMHost,Label,Policy,Running | Sort VMHost)

#Filter running SSH or Enabled
$sshOn = $arr | Where-Object { ($_.Running -eq "True") -or ($_.Policy -eq "on") }

#If SSH on -> Stop and Disable SSH
if (!$sshOn) {
Write-Host -BackgroundColor DarkGreen "No SSH enabled"
}
else {
#List Hosts
foreach ($VMhost in $sshOn) {Write-Host -BackgroundColor Red $VMhost.VMHost "- has SSH enabled"}
Write-Host -BackgroundColor Red "Stopping SSH Service and disable"
#Stop SSH Service
foreach ($VMhost in $sshOn) {Get-VMHost $VMhost.VMHost | Foreach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"})-Confirm:$false }}
#Disable SSH Service
foreach ($VMhost in $sshOn) {Get-VMHost $VMhost.VMHost | Foreach {Set-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"}) -Policy Off -Confirm:$false }}
}

Enjoy 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.