For Horizon Cloud Connector 2.0 and later, use these steps if you want to use a Secure Shell (SSH) connection with the primary node before pairing the appliance with the pod or if you want to enable SSH access to the worker node. For Horizon Cloud Connector 1.10 and earlier, use these steps to enable SSH access to the deployed appliance before pairing it with the pod.

If you do not require SSH access to Horizon Cloud Connector before pairing the appliance with the pod, you can wait to enable it until after the appliance is paired with the pod. See Enable or Deactivate SSH on the Horizon Cloud Connector Appliance Using the Configuration Portal in the Administration Guide.

Prerequisites

For Horizon pods on premises or in VMware Cloud on AWS, perform the following tasks.

Enable SSH Access With Public-Key Authentication for Horizon Cloud Connector 1.9 and Later for Horizon Pods on Premises or in VMware Cloud on AWS

Important: Beginning with Horizon Cloud Connector 1.9, SSH access is no longer supported for the root user account. For improved security, SSH access is only supported for the ccadmin user account through public-key (strongly recommended) or password authentication.

You can still use the root account to perform non-SSH administrative tasks on the appliance.

Use the following steps to enable SSH access to the Horizon Cloud Connector for the ccadmin user. As a security best practice, it is strongly recommended that you configure an SSH public key for authenticating the ccadmin user to the appliance.

  1. Use vSphere Client to launch the console for the deployed appliance and log in to the appliance using the root account and password you set when you deployed the OVA into vSphere.
  2. Set the password for the ccadmin account.
    passwd ccadmin
    
    Note: Ensure that the new password meets the security standards of a strong password. Verify that the password contains a minimum of eight characters with at least one capital, one numeric, and one special character.
  3. Enable SSH access by running the following command.
    /opt/vmware/bin/configure-adapter.py --sshEnable
  4. Configure public-key authentication using one of the following methods.
    • If you registered the SSH public key in the Customize template step of the appliance deployment wizard, public-key authentication is already configured and no additional steps are required.

      For more information, see On-premises and All-in-SDDC Horizon Pods: Download and Deploy the Horizon Cloud Connector into the Pod's vSphere Environment.

    • If you did not register the SSH public key during the appliance deployment, run the following command from the client system, replacing <IP_appliance> with the IP address of the Horizon Cloud Connector appliance. When prompted, enter the ccadmin password.
      ssh-copy-id ccadmin@<IP_appliance>

      The ssh-copy-id command copies the public key to the ccadmin user's ~/.ssh/authorized_keys file.

    Note: If you do not configure public-key authentication, password credentials are used to authenticate the ccadmin user for SSH access. For improved security, it is strongly recommended that you use public-key authentication instead of password authentication for SSH access.

SSH access to the appliance is now enabled.

Note: To run commands as a ccadmin user with elevated permissions, append the sudo prefix to the commands in an SSH session.

Enable SSH Access to Horizon Cloud Connector 1.8 and Earlier for Horizon Pods on Premises or in VMware Cloud on AWS

To open an SSH connection to Horizon Cloud Connector 1.8 or earlier, you must enable SSH access and log in as the root user.

  1. Use vSphere Client to launch the console for the deployed appliance and log in to the appliance using the root account and password you set when you deployed the OVA into vSphere.
  2. Enable SSH access by running the following command.
    /opt/vmware/bin/configure-adapter.py --sshEnable

SSH access to the appliance is now enabled.

Deactivate SSH Access to Horizon Cloud Connector for Horizon Pods on Premises or in VMware Cloud on AWS

If you need to deactivate SSH access to the appliance, use the following command:
/opt/vmware/bin/configure-adapter.py --sshDisable

Enable SSH Access to Horizon Cloud Connector for Horizon Pods in Azure VMware Solution (AVS)

  1. In the Azure portal, navigate to the Horizon Cloud Connector VM. Start the Run command action and choose RunPowerShellScript.
  2. Enable SSH access by running the following command.
    /opt/vmware/bin/configure-adapter.py --sshEnable

    SSH access to the appliance is now enabled.

  3. If you deployed Horizon Cloud Connector 1.7 and want to use SSH public key authentication, run the following additional command.
    chmod 744 /home/ccadmin

Enable SSH Access to Horizon Cloud Connector for Horizon Pods in Google Cloud VMware Engine (GCVE)

To enable SSH access to Horizon Cloud Connector prior to pairing the appliance with a pod in GCVE, include the appropriate line in the startup script when creating the Horizon Cloud Connector VM instance. See Horizon Pods - Federated Architecture with Google Cloud VMware Engine: Download and Deploy the Horizon Cloud Connector into Your Pod's Environment.

What to do next

Proceed to Verify the Horizon Pod and Virtual Appliance Are Ready to Be Paired with Horizon Control Plane. Then continue to Complete Pairing the Horizon Pod with Horizon Cloud Using the Horizon Cloud Connector Configuration Portal. When pairing is successfully completed, the Horizon Cloud Connector web-based configuration portal will provide a toggle that you can use to deactivate SSH access for the appliance, or re-enable SSH if it was previously deactivated.