Keep the SSH running on an ESXi host

  • 21 January 2021
  • 0 replies
  • 34 views

Userlevel 5
Badge +5
  • Nutanix Employee
  • 416 replies

All Nutanix clusters that run on third-party hypervisors share the same problem – how to communicate to that hypervisor.


A Controller VM performs an array of tasks, many of which are triggered by the state of the host. In addition to that, a range of health checks is running regularly to ensure the cluster's health. For ESXi, CVM collects the information via SSH. Turning off SSH service on a host results in a multitude of health errors.

While recommendation exists to keep the SSH service down on the ESXi hosts and only bring it up for ad-hoc tasks, this is not the way with Nutanix. Instead, look at strengthening network security. Consider limiting access to the hosts via SSH form a limited number of network segments, that are well protected by multiple additional layers of firewalls, two-factor authentication and what not.

Stay safe, stay secure.

KB-2051 NCC Health Check: esx_check_services

vSphere Administration Guide for Acropolis: Nonconfigurable ESXi Components


This topic has been closed for comments