This article contains the following:
How to connect the RCCMD Appliance via SSH with the ESXi host
Transferring the public key part to the ESXi Host, Part 1
Transferring the public key part to the ESXi Host, Part 2
Testing your public key settings
Reconfigure RCCMD to manage the public ESXi server
RCCMD Appliance Version 4.54.12 231129 onwards: Configuration for Free Hosts
Enable ESXi Free / Public Host configuration
This installation instruction describes how to use RCCMD on a public ESXi Host.
Please notice that the installation on a public host is officially not supported by Generex (the warning in the RCCMD web configurator will never disappear).
There are several possibilities here - which instructions apply to you depends on two factors:
- Which ESXi version is being used
- Which RCCMD version is in use
Using RCCMD with VMware 5.x
For version 5.x, a (long since deprecated) Media Assistant was offered by VMware itself, on which an RCCMD for VMware was installed. The following steps must therefore be taken for the use of a free host with version 5.x:
1. Activate SSH in vSphere client:
In the ESXi Host configuration go to -> Software/Security profile -> Services->
Properties-> SSH and choose the option "Start and shutdown with the Host". Start the service and confirm with a click on OK.
2. Activate automatic boot and shutdown of virtual machines in vSphere Client:
In the ESXi Host configuration, go to -> Start/shutdown VM -> Properties and set the mark for "Enable automatic boot and shutdown of VM"
3. Make sure that all VMs have VMware Tools installed
4. Connect via SSH with the vMA, and copy the content of the file /root/.ssh/id_rsa.pub
5. Connect via SSH with the ESXi Host directly and paste the content of id_rsa.pub into the file /etc/ssh/keys-root/authorized_keys.
Make sure that the access authority for the file authorized_keys is set to 600!
Command for this action is: "chmod /root/.ssh/id_rsa.pub 600"
6. Connect from the vMA via SSH onto the ESXi Host. On first startup you will be asked to add the host key to the known hosts.
7. Check the configuration. If you connect via SSH from vMA to ESXi host, you shouldn't get a password request.
If a password is requested, make sure that both files are 100% identical. If not, repeat the steps 4-7.
8. Activate the FREE_ESXI_SHUTDOWN script in the rccmd_shutdown.sh.Comment the line ${ESXI_HOST_SHUTDOWN} with #, and remove in the line #${FREE_ESXI_SHUTDOWN} the comment at the beginning of the line.
Now you can test RCCMD.
RCCMD with VMware 6.7 onwards
The configuration is slightly different for version 6.7, as the VMA was deprecated with ESXi v. 6.5. Since version 6.5, RCCMD has been delivered with its own appliance, which contains a pre-installed and pre-configured RCCMD installation. The configuration path required depends on the age of the appliance being used.
For RCCMD Appliance up to version 4.54.12 231129, the configuration will be carried out as follows:
Activating the SSH console at the ESXi host
At the navigator on the left side, right-click the corresponding host. Under Services, click "Enable Secure Shell (SSH)". Repeat this procedure with “Enable console shell”. After this, click on Manage and open the tab “Services”:
Search for TSM and TSM-SSH and ensure the system state is “Running”.
In the next step, right-click on TSM to open the context menu. Under Policy, change the start condition to “Start and stop with host”. Otherwise, the service will not start when the ESXi host comes back after a power failure.
Repeat it with TSM-SSH service:
How to connect the RCCMD Appliance via SSH with the ESXi host
The following configuration steps cannot be done via the web interface; you need to use the console of the RCCMD appliance. You may use an appropriate tool such as the freeware program PuTTY and log in directly on the console of RCCMD.
As an alternative, you can use the console feature of the host to open the RCCMD console.
The RCCMD Appliance uses these default settings:
User: admin
Password: RCCMD
First you need to create a valid pair of SSH keys. The public key needs to be transferred to the ESXi host to authenticate the RCCMD Appliance.
Note:
Ensure that you generate the key under the correct account; keys are bound to the account that creates them. RCCMD issues control commands to the host as user root, while you typically authenticate to RCCMD as admin. If only admin is configured, routine ESXi operations will succeed, but shutdown will be rejected because the certificate for RCCMD’s internal root identity is invalid.
To avoid account-related inconsistencies, perform the procedure for both admin and root. To enable and assume the root account, run: sudo su.
Completing the steps for both accounts ensures that access and shutdown operations function correctly under admin and root.
Command: ssh-keygen
Follow the configuration dialog:
a. Please define the file location:
Keep the original settings, just press enter.
If you repeat this configuration step, an old key already exists. In this case, ssh-keygen will ask to overwrite the existing key:
To erase the existing key, just press “y”.
b. Advanced password security
When dealing with high security standards, additional passwords to protect key data from unauthorized access are mandatory. If you do not need additional password security to encrypt files, press enter without setting up additional passwords. For setting up a key, additional passwords are optional, not mandatory.
c. Finishing configuration work
ssh-keygen tells you when it finished the key creation.
Transferring the public key part to the ESXi Host, Part 1
Now it is time to transfer the public key to the public ESXi host to allow the RCCMD appliance to send a shutdown command via SSH without additional passwords.
Command: ssh-copy-id root@<IP address of your ESXi host>
You need to enter the root password of your ESXi host.
Due to the fact that the host is not authenticated, the appliance warns you it could be a faked server and asks if the connection should still be made:
Please answer this security question with "yes" (do not just enter y) to confirm the security warning.
When finished, the RCCMD appliance will show the success of the key transfer:
Transferring the public key part to the ESXi Host, Part 2
Although the file was transferred correctly to the default directory, SSH without a password will not work:
You need to correct a VMware-specific difference in the default directories:
Command: ssh root@<IP address of your ESXi host>
You need the ESXi root password to log in:
Please note: The first time you may be asked by the RCCMD appliance to add the ESXi host to the known hosts list.
If everything has worked properly so far, you are now connected via SSH with the ESXi server’s local console.
Now move on to the default directory .ssh where the ssh-copy-id command has placed the public key file:
Command 1: cd /.ssh
Command 2: ls
If everything is all right, you will now see the public key file “authorized_keys”
The contents of this file must now be appended to the "real" authorized keys file of the ESXi host without deleting other valid keys:
Command: cat authorized_keys >> /etc/ssh/keys-root/authorized_keys
Please note that you will not get a confirmation message; the console will only report if something went wrong (missing file, etc.)
After you have appended the public key, quit the SSH console and log off.
Command: exit, exit, exit,
Testing your public key settings
To validate that the public key works as expected, just log into the ESXi host again via SSH. If the certificate has been installed correctly, this can be done without a password query.
Log in to the RCCMD appliance via the console.
User: admin
Password: RCCMD
Then connect directly to the RCCMD host via SSH.
Command: ssh root@<IP address of the host>
If everything is prepared correctly, you will see the following screens:
Local RCCMD Appliance login screen:
SSH-Command to your ESXi host:
Welcome screen of the ESXi host:
Reconfigure RCCMD to manage the public ESXi server
RCCMD needs to know that it is a public server (or community edition) and the shutdown is an SSH command - you need to adapt the shutdown script for ESXi hosts.
Log into the console of the RCCMD appliance and move on to the appropriate directory:
Command 1: cd /opt/rccmd/remoteHostScripts/
Command 2: ls
Keep in mind that local installations may differ: Older versions of RCCMD use the directory /usr/rccmd, whereas later versions use /opt/rccmd as directory.
However, you need to adapt the script rccmd_shutdown_sh in both cases. The RCCMD appliance provides the user-friendly editor nano to help with this configuration work.
Since this script is system-relevant, this configuration can only be carried out as the so-called "SuperUser":
Command: sudo nano rccmd_shutdown_sh
Edit the script as follows:
Press CTRL + X to exit the editor and do not forget to save:
Now you can test RCCMD.
RCCMD Appliance Version 4.54.12 231129 onwards: Configuration for Free Hosts
With version 4.54.12 231129 and later, some basic configuration steps are obsolete. Due to this fact, the complete configuration process is less complex:
Enable the SSH console on your ESXi Host.
To do this, right-click on the host in the navigator and go to “Enable Secure Shell (SSH)” under Services. If it works, VMware will react with a corresponding message that you should turn the shell off if you do not need it.
Ensure this is not just a temporary, but a permanent setting:
At the Navigator, click on Manage - Open the tab „Services“. Search for these two entries:
The default setting for these services is a manual start / stop. As a consequence, the host will not restart this service automatically. Click with the right mouse button on the TSM service and select from the context menu „Policy“
Change the setup to „Start and stop with host“. Repeat this setup for the service TSM-SSH:
Connect the appliance with the host
You cannot perform this step via the web interface. You need to switch to the console of the RCCMD Appliance. To do this, use an appropriate tool such as the freeware program PuTTY and log in directly to the console of RCCMD.
As an alternative, you may also use the VMware integrated console to carry out this configuration step.
For this tutorial, the default credentials are configured:
User: admin
Password: RCCMD
Enable ESXi Free / Public Host configuration
In the last step, you only need to tell RCCMD that it is a public server (or a Community Edition). To do this, you must adapt the special shutdown script manually.
Log in to the console of the RCCMD appliance with the user "admin" and change to the script directory with the following command and display the content:
Command 1: cd /opt/rccmd/remoteHostScripts/
Command 2: ls
The script that you need to edit is called rccmd_shutdown.sh. The RCCMD appliance offers you the user-friendly editor nano, which is already pre-installed. As this script is system-relevant, you can only edit this file as a super user:
Command: sudo nano rccmd_shutdown_sh
Configure the script as follows:
- Search for FREE_ESXI_SHUTDOWN=false
- Set it to true: FREE_ESXI_SHUTDOWN=true
Type CTRL + X to quit the editor.
Click Y to confirm saving your changes:
Please ensure you do not change the filename.
RCCMD is ready to run with an RCCMD free host.
v.: 2025-08-26
Comments
0 comments
Please sign in to leave a comment.