The ESXi Shell is disabled by default. To increase security when you enable the shell, you can set an availability timeout, an idle timeout, or both.

The two types of timeout apply in different situations.
Idle Timeout
If a user enables the ESXi Shell on a host, but forgets to log out of the session, the idle session remains connected indefinitely. The open connection can increase the potential for someone to gain privileged access to the host. You can prevent this situation by setting a timeout for idle sessions.
Availability Timeout
The availability timeout determines how much time can elapse before you log in after you initially enable the shell. If you wait longer, the service is disabled and you cannot log in to the ESXi Shell.

Prerequisites

Enable the ESXi Shell. See Use the Direct Console User Interface to Enable Access to the ESXi Shell.

Procedure

  1. Log in to the ESXi Shell.
  2. From the Troubleshooting Mode Options menu, select Modify ESXi Shell and SSH timeouts and press Enter.
  3. Enter the idle timeout (in seconds) or the availability timeout.
    You must restart the SSH service and the ESXi Shell service for the timeout to take effect.
  4. Press Enter and press Esc until you return to the main menu of the Direct Console User Interface.
  5. Click OK.

Results

  • If you set the idle timeout, users are logged out after the session is idle for the specified time.
  • If you set the availability timeout, and you do not log in before that timeout elapses, logins become disabled again.
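
To confirm the result of this procedure from the command line, the following added example (not part of the original documentation) parses `esxcli system settings advanced list` output for the advanced options `UserVars.ESXiShellInteractiveTimeOut` (idle timeout) and `UserVars.ESXiShellTimeOut` (availability timeout), both in seconds, and flags a value of 0, which means no timeout is enforced. The 900-second limit and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two ESXi Shell timeouts from esxcli output.

# Print the current "Int Value" from one option listing read on stdin.
int_value() {
    awk -F': *' '/^ *Int Value:/ { sub(/[ \t\r]+$/, "", $2); print $2; ok = 1; exit }
                 END { if (!ok) exit 1 }'
}

# Classify a value in seconds. 0 means the timeout is disabled; the limit
# is a hypothetical site policy value, not a figure from the page.
check_timeout() {
    name=$1 value=$2 limit=$3
    case $value in
        ''|*[!0-9]*) echo "$name: UNKNOWN"; return 2 ;;
    esac
    if [ "$value" -eq 0 ]; then
        echo "$name: FAIL (0 = timeout disabled)"; return 1
    elif [ "$value" -gt "$limit" ]; then
        echo "$name: FAIL ($value s exceeds limit $limit s)"; return 1
    fi
    echo "$name: OK ($value s)"
}

# Constructed sample listing, used when esxcli is not available.
sample_listing() {
    printf '   Path: /UserVars/%s\n   Type: integer\n' "$1"
    printf '   Int Value: %s\n   Default Int Value: 0\n' "$2"
}

# Read one option live on an ESXi host, otherwise from the sample.
read_option() {
    if command -v esxcli >/dev/null 2>&1; then
        esxcli system settings advanced list -o "/UserVars/$1"
    else
        sample_listing "$1" "$2"
    fi | int_value
}

audit() {
    rc=0
    idle=$(read_option ESXiShellInteractiveTimeOut 0) || rc=2
    avail=$(read_option ESXiShellTimeOut 600) || rc=2
    check_timeout "idle timeout" "$idle" 900 || rc=1
    check_timeout "availability timeout" "$avail" 900 || rc=1
    return "$rc"
}

audit || echo "ESXi Shell timeouts need attention"
```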