The ESXi Shell is disabled by default on ESXi hosts. You can enable local and remote access to the shell if necessary.

Enable the ESXi Shell for troubleshooting only. The ESXi Shell is independent of in lockdown mode. The host running in lockdown mode does not prevent you from enabling or disabling the ESXi Shell.

See vSphere Security.

ESXi Shell

Enable this service to access the ESXi Shell locally.


Enable this service to access the ESXi Shell remotely by using SSH.

See vSphere Security.

The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root user can run system commands (such as vmware -v) by using the ESXi Shell.


Do not enable the ESXi Shell unless you actually need access.