The ESXi Shell is disabled by default on ESXi hosts. You can enable local and remote access to the shell if necessary.
To reduce the risk of unauthorized access, enable the ESXi Shell for troubleshooting only.
The ESXi Shell is independent of lockdown mode. Even if the host is running in lockdown mode, you can still log in to the ESXi Shell if it is enabled.
See vSphere Security.
- ESXi Shell
- Enable this service to access the ESXi Shell locally.
- Enable this service to access the ESXi Shell remotely by using SSH.
The root user and users with the Administrator role can access the ESXi Shell. Users who are in the Active Directory group ESX Admins are automatically assigned the Administrator role. By default, only the root user can run system commands (such as vmware -v) by using the ESXi Shell.