Are you tired of seeing SSH and Shell warnings on your ESXi hosts? If you are at all like me, it’s maddening to see yellow warnings and banners on hosts in the vCenter Server inventory – especially when it’s for something as simple as the ESXi Shell and SSH service being enabled.
Granted, what’s a minor annoyance in a lab environment might be a warning that’s taken seriously in a locked down production environment. In these sorts of environments, administrators will need to enable/disable SSH and Shell access on an as-needed basis. Without the alarms and banners, services may be left turned on accidentally.
If you are using vSphere 6.0 or later, there is a nifty new ‘Suppress Warning’ option in the vSphere Web client. It can be found on the summary page of an ESXi host with an ESXi Shell or SSH warning currently triggered.
As you can see in the above screenshot, there are separate alerts for both the ESXi Shell and for SSH as well as an option to ‘Suppress Warning’ on each. Although it may appear that each can be suppressed independently, clicking one of the ‘Suppress Warning’ links will disable both ESXi Shell and SSH warnings on the host.
When clicking this, you’ll see a warning pop-up as shown below.
After clicking Yes, you’ll see the warnings disappear after the vSphere Web Client refreshes.
That’s great and all, but what if you want enable the warnings again? In this case, you’ll need to know what the ‘Suppress Warning’ option actually does behind the scenes. For those of you who are a little more ‘old school’ there has been a feature in place to enable/disable these shell warnings for some time – even in the legacy vSphere Client. An ‘Advanced Setting’ in ESXi exists called /UserVars/SuppressShellWarning.
You can find a bit more information on this specific setting from the ESXi command line:
# esxcli system settings advanced list | grep -A 10 /UserVars/SuppressShellWarning Path: /UserVars/SuppressShellWarning Type: integer Int Value: 1 Default Int Value: 0 Min Value: 0 Max Value: 1 String Value: Default String Value: Valid Characters: Description: Don't show warning for enabled local and remote shell access
As you can see, it’s a simple integer with a value of one or zero. The default value is ‘0’ which means that the host does NOT suppress the shell warnings. In the above example, you can see that the current integer value set is ‘1’.
You can also use the esxcfg-advcfg command to get and/or set the integer value set for UserVars/SuppressShellWarning.
To get the current value, you can use the following command:
[root@esx0:~] esxcfg-advcfg -g /UserVars/SuppressShellWarning Value of SuppressShellWarning is 1
And if you’d like to set it back to the default value of ‘0’ you can do the following:
[root@esx0:~] esxcfg-advcfg -s 0 /UserVars/SuppressShellWarning Value of SuppressShellWarning is 0
Unfortunately, when using esxcfg-advcfg to change the value, the host does not change its behavior in the UI immediately. I had to restart the management services on the host using ‘services.sh restart’ before the change took effect. Rebooting the host would have a similar effect.
Thankfully, it’s not necessary to tweak this option from the CLI, and there are ways to do this from both the vSphere Web Client as well as the legacy vSphere Client.
From the Hosts and Clusters view in the vSphere Web Client, select the host in question, then go to the ‘Manage’ Tab. Click ‘Settings’ and then ‘Advanced System Settings.
Once there, you’ll get a listing of over a thousand different settings that can be adjusted. Unlike the Legacy vSphere Client, they are not arranged in a hierarchy or tree view so this can be a pain to look through. To make your life easier, simply use the search box at the top right corner of the Advanced System Settings pane. Entering ‘SuppressShellWarning’ there will pull up only the single setting we are interested in as shown below:
To modify the value, simply click the setting to highlight it, and then click the pencil icon above to edit the value.
Once it’s changed here, the vSphere Web Client will refresh and the warnings and banners will take effect immediately.
If you prefer to use the legacy vSphere Client, the setting can also be adjusted using a similar workflow. Unfortunately, you can’t search for the specific setting, but it is organized in a hierarchy to simplify things.
From the ‘Configuration’ tab on an ESXi host, simply click ‘Advanced Settings’ under the ‘Software’ listing. A new window will open with a list of available settings. First click ‘UserVars’ from the left hand pane, and then scroll all the way down to locate UserVars.SuppressShellWarning as shown below:
Again, from the legacy client, the change will take effect immediately.
Well, that’s probably more than you ever wanted to know about suppressing shell warnings in ESXi!
One thought on “Suppressing ESXi Shell and SSH Warnings”
Thanks for sharing. Very useful information.