Feed on

While looking for an OS X alternative to the ESX Virtual Infrastructure CLient for accessing the console of a virtual machine hosted on ESX, I found this article. An example configuration for accessing the console for a client on the ESX server using VNC port 5901 using a password of “secret” would require adding the following entries in the .vmx file for the virtual machine.

RemoteDisplay.vnc.enabled = "true"
RemoteDisplay.vnc.port = "5901"
RemoteDisplay.vnc.password = "secret"

The instructions work for ESX, except for one small detail: the ESX server won’t accept remote VNC connections. There is likely some way to turn this on, but allowing remote vnc connections to a server is typically not allowed and is considered a security hazard.

The solution is too use ssh port forwarding. If the vnc port on the ESX server is 5901, you create a tunnel with the following ssh command:

ssh -L5901:localhost:5901 user@esxhost

where “esxhost” is the hostname of the esx server and “user” is an authenticated user on the esx host.

Once logged in, you can connect to vnc port 5901 using any vnc client on the ssh client machine you have just connected from. The host should be “localhost”, the port should be “1″ and the password should be “secret”. The console for the client on the ESX server should be displayed. My vnc client of choice on OS X is “Chicken of the VNC” but here are many alternative vnc clients for OS X and other operating systems.

Note that ssh is disabled by default for root on ESX server, so if the “user” for ssh access is root, you will either need to enable root access by editing /etc/ssh/sshd_config on the ESX server and set “PermitRootLogin” to “yes”, or use another user authenticated on the ESX console. The later method is more secure since enabling root ssh access to the console is inadvisable for production installations.

Technorati , , , ,

4 Responses to “VMware ESX Remote Console from OS X”

  1. […] Lou Springer brings us a method of connecting to a VM’s console using VNC over SSH from Mac OS X. I’d seen references to using this with VMware Server, but didn’t know that it worked with VI3. Thanks, Lou! (Lou’s trick was based on information from this VMware KB article, by the way.) […]

  2. on 27 May 2008 at 12:06 pm Rob

    To avoid the SSH tunneling you can simply enable vnc through the ESX server firewall if you are comfortable with the risks. On the command line -

    esxcfg-firewall -e vncServer

    This is also something you can configure under the Virtual Center server configuration tab. You should then be able to vnc connect to anything you wish with no ssh hoops to jump through.

    I found that the RemoteDisplay.vnc.password didnt do anything for me - it is a passwordless connection to your vm’s console.

    Thanks for the pointer, interesting option to get to your vm console.

  3. on 27 Jan 2009 at 11:54 am Paul

    Try this. For ESX, it seems that you need to encode the password.

  4. on 19 Feb 2012 at 2:26 am Andrew Mauro

    About the firewall part see also: http://vinfrastructure.it/2011/12/esxi-use-the-embedded-vnc-server/

Trackback URI | Comments RSS

Leave a Reply