vCenter bash login with Active Directory

I have often encountered challenges related to user and password management in the VMware world. One of the least documented, and perhaps least known, features is the ability to use an Active Directory account to log in via SSH to the vCenter.

This option is often overlooked by us system administrators, who tend to prefer using the root account. However, since the root account has maximum privileges and is not directly traceable to a specific user, it should only be used in extreme cases. For daily operations, it is better to opt for a more secure and traceable approach, such as authentication through Active Directory.

How to do it

Below is a step-by-step guide on how to configure this functionality:

Step 1: Log in to the vCenter using an account with administrative privileges. Then navigate to Administration > Single Sign-On > Users and Groups > Groups.

Step 2: Search for the group SystemConfiguration.BashShellAdministrators in the list of groups and select it. Then click Add Members, choose the Active Directory domain from the domain selector, and search for the desired users. If the domain is not offered, Active Directory has not yet been added as an identity source in Single Sign-On, which is a prerequisite for this whole procedure.

Once the user (or AD group) has been found, add it to the group's member list.

Step 3: Access the vCenter's VAMI interface at https://FQDN:5480. Once logged in, enable SSH login (Access > SSH Login) to allow terminal connections.

Step 4: Log in to the vCenter via SSH using the Active Directory account in UPN format (e.g., user@domain.local). The session opens in the restricted appliance shell, not in Bash; to switch to Bash, execute the following commands:

shell.set --enabled true
shell

Step 5: To gain root privileges, execute the following command:

sudo su -

Unlike a direct root login, this escalation is recorded by sudo under the Active Directory account that ran it, so the resulting root session stays traceable to the person who opened it.
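The traceability argument above, as an added example that is not part of the original post: a small POSIX shell script that reads sshd and sudo log lines in their standard syslog format and ties each sudo-to-root escalation back to the SSH login that preceded it, while flagging direct root logins that cannot be attributed to anyone. The log lines are constructed for the example rather than captured from a vCenter appliance, and the host name vcsa, the accounts jdoe@domain.local and asmith@domain.local, and the addresses are made up. The exact spelling of a domain account in the appliance's own logs (UPN versus DOMAIN\user) may differ, so adjust the match when pointing this at a real log.

```sh
#!/bin/sh
# Added example, not from the original post: tie each sudo-to-root escalation
# back to the SSH login it came from, which is what makes the AD-account
# approach auditable where a shared root login is not.
#
# The lines below are CONSTRUCTED in the standard sshd/sudo syslog format;
# they were not captured from a real vCenter appliance. Host name, accounts
# and client addresses are made up for the example.
SAMPLE_LOG='Jan 10 09:12:01 vcsa sshd[2101]: Accepted password for root from 10.0.0.5 port 51022 ssh2
Jan 10 09:30:17 vcsa sshd[2344]: Accepted password for jdoe@domain.local from 10.0.0.7 port 51188 ssh2
Jan 10 09:30:44 vcsa sudo: jdoe@domain.local : TTY=pts/1 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/su -
Jan 10 09:31:02 vcsa sshd[2410]: Accepted password for asmith@domain.local from 10.0.0.9 port 51201 ssh2
Jan 10 09:31:30 vcsa sudo: asmith@domain.local : TTY=pts/2 ; PWD=/home/asmith ; USER=root ; COMMAND=/bin/su -'

# root_escalations: prints one line per root shell, "<account> <client address>".
# sshd "Accepted" lines record the source address per account; every later
# sudo line that reached USER=root is attributed to that account. A direct
# root login is reported with a marker, because nothing ties it to a person.
root_escalations() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        $5 ~ /^sshd/ && $6 == "Accepted" {
            # $9 is the account that logged in, $11 the client address
            last_ip[$9] = $11
            if ($9 == "root") print "root " $11 " (no user attribution)"
            next
        }
        $5 == "sudo:" && /USER=root/ {
            # $6 is the account that invoked sudo; fall back to a marker if
            # no login for that account was seen earlier in the log
            src = ($6 in last_ip) ? last_ip[$6] : "(no matching login)"
            print $6 " " src
        }'
}

root_escalations
```

Run against the embedded sample it prints one attributed line per AD account and a flagged line for the root login; in practice you would feed it the appliance's authentication log or journal output instead of SAMPLE_LOG.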