By default, an admin user on the NSX Malware Prevention service virtual machine (SVM) does not have an SSH access to the SVM. The VMware vCenter administrator must activate SSH access to the SVM.

SSH access to the admin user of the SVM is key-based (public-private key pair). A public key is needed when you are deploying the service on an ESXi host cluster, and a private key is needed when you want to start an SSH session to the SVM.

Important: Store the private key securely. Loss of the private key can lead to a loss of SSH access to the NSX Malware Prevention SVM.

Prerequisites

  1. The public key of the NSX Malware Prevention SVM must be specified during service deployment and the key must adhere to a specific format. For information about the public key format, see Prerequisites for Deploying the NSX Distributed Malware Prevention Service.
  2. VMware vCenter administrator must activate SSH access to the NSX Malware Prevention SVM by completing these steps:
    1. Log in to vSphere Client.
    2. Go to Hosts and Clusters and navigate to the cluster.
    3. Select the VM (service virtual machine), and then click Launch Web Console.
    4. Log in to the SVM as a root user, and run the following command to start the SSH service:
      /etc/init.d/ssh start
      Note: On the first login, you are prompted to reset the default password of the root user. The default password is vmware.

Now, you can log in to the SVM as an admin user and use the SVM private key to start an SSH session.

Procedure

  1. Ensure that the private key file is stored on your computer from where you want to start a remote SSH session to the SVM.
    For example, let us assume that you had generated an RSA public-private key pair before service deployment. The private key ( id_rsa) is saved on your Windows computer at C:\Users\username\.ssh.
  2. On your Windows computer, open an SSH client and do these steps.
    1. Enter the IP address of the SVM management interface.
    2. Select the SVM private key file to use for authentication to the SVM.
      For example, if you are using the PuTTy client, navigate to Connection > SSH Auth. In the Private key file for authentication text box, click Browse, and navigate to the C:\Users\username\.ssh\id_rsa on your Windows computer to select the private key file.

      If you are using any other SSH client, consult the documentation of your SSH client for steps about specifying the private key file.

    If you are using the Mac Terminal or any SSH Terminal, run the following command to start an SSH session by using the SVM private key:
    ssh -i path_to_private_key admin@svm-management-ip
    • Replace path_to_private_key with the actual path to the folder where the private key file is stored on your machine.
    • Replace svm-management-ip with the actual IP address of the SVM management interface.

What to do next

After the debugging or troubleshooting tasks on the SVM are done, the VMware vCenter administrator must preferably deactivate SSH access to the NSX Malware Prevention SVM.