The ESXi Shell is disabled by default on ESXi hosts. You can enable local and remote access to the shell if necessary.
To reduce the risk of unauthorized access, enable the ESXi Shell for troubleshooting only.
The ESXi Shell is independent of in lockdown mode. Even if the host is running in lockdown mode, you can still log in to the ESXi Shell if it is enabled.
Enable this service to access the ESXi Shell locally.
Enable this service to access the ESXi Shell remotely by using SSH.
See vSphere Security.
The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root user can run system commands (such as vmware -v) by using the ESXi Shell.
Do not enable the ESXi Shell unless you actually need access.