The ESXi Shell, which was formerly referred to as Tech Support Mode or TSM, is disabled by default on ESXi. You can enable local and remote access to the shell if necessary.

Enable the ESXi Shell for troubleshooting only. The ESXi Shell can be enabled or disabled when the host is running in lockdown mode. The host running in lockdown mode does not prevent you from enabling or disabling the ESXi Shell. See vSphere Security.

ESXi Shell
Enable this service to access the ESXi Shell locally.
SSH
Enable this service to access the ESXi Shell remotely by using SSH. See vSphere Security.

The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root user can execute system commands (such as vmware -v) by using the ESXi Shell.

Note: Do not enable the ESXi Shell until you actually need access.