VMware PowerCLI to enable management services

I wrote this once when I needed to pull as much information as possible about the vmware environment I found myself in that day. It enables ssh and sets it to start at boot. It also enables SNMP, sets it to star at boot and sets the community string you define. I split it up into multiple for loops so I could easily track what I was doing with on screen commentary via write-host. I used it in a vSphere 5.5 environment. Beware results might vary by version.

<#####################################################################
I begin by letting you define your vCenter server, your datacenter object and your snmp community string
Next this script starts SSH, makes SSH start on boot, hides SSH warnings, starts SNMP, makes SNMP start on boot,
and sets the SNMP community string on each host in your defined data center.
######################################################################>

#Your Datacenter specific variables
$vCenter = "FQDN of vcenter server"
$datacenter = "datacenter object name"
$community = "SNMP Community String"

#Load VMware Cmdlets and connect to vCenter
Add-PSSnapin vmware*
Connect-VIServer -Server $vCenter

#Set VMHosts variable
$VMHosts = Get-VMhost -Location $datacenter | Sort-Object
  
# Start SSH on each host in the datacenter
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Starting the SSH Service on $HostMachine " 
    $HostMachine | Get-VMHostService | Where-Object {($_.Key -eq "TSM-SSH") -and ($_.Running -eq $False)} | Start-VMHostService
}
  
# Change SSH to start on boot
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Changing SSH to start on boot for $HostMachine " 
    $HostMachine | Get-VMHostService | where { $_.key -eq "TSM-SSH" } | Set-VMHostService -Policy "On" -Confirm:$false -ea 1
}
  
# Supress SSH warning
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Hiding SSH Warning on $HostMachine "
    $HostMachine | Get-AdvancedSetting | Where-Object {$_.Name -eq "UserVars.SuppressShellWarning"} | Set-AdvancedSetting -Value "1" -Confirm:$false
}

#Start SNMP service on hosts
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Starting SNMP on $HostMachine " 
    $HostMachine | Get-VMHostService | Where-Object {($_.Key -eq "snmpd") -and ($_.Running -eq $false)} | Start-VMHostService | Out-Null
}

#Change SNMP to start on boot
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Changing SNMP to start with $HostMachine " 
    Get-VMHostService $HostMachine  | Where-Object { $_.key -eq "snmpd" } | Set-VMHostService -Policy "On" -Confirm:$false -ea 1 | Out-Null
}

#Set snmp community string and opens firewall for snmp
ForEach ($HostMachine in $VMHosts) {
    Write-Host "Setting snmp community string and opening firewall for $HostMachine"
    $esxcli = Get-EsxCli -VMHost $HostMachine
    $esxcli.system.snmp.set($null,$community,$true,$null,$null,$null,$null,$null,$null,$null,$null,$null,$null,$null,$null,$null,$null)
    $esxcli.network.firewall.ruleset.set($true, $true, "snmp")
}

Write-Host "Good Job"

PuTTYgen and an Ubuntu Server

Recently I used PuTTYgen to create a key pair which I intended to use to connect to one of the Ubuntu servers I have in my home lab. Not paying attention to detail, I uploaded the public key, ran

cat key.pub >> .ssh/authorized_keys

and was surprised to find that I was not able to connect. It turns out the formatting of the key is different in subtle ways. I’m going to cover how I manually modified the key so it would work, and then later found an easier way via ssh-keygen.

Manual Process

First I opened the key in Atom, an alternative to sublime text which I favor (when not using Vim that is 😉 ).

Turns out *Nix systems expect no other formatting or characters apart from the key itself. So I had to remove white spaces, comments and control characters. I manually removed all the words and comments. Then I hit find and searched via regex for carriage return and line feed. \r\n in the picture. I left the replace blank as I wanted to remove everything except for the key and replace it with nothing. You can see where Atom highlighted the space we would be removing.

Then I added ssh-rsa followed by a space at the start of the file. This signals the file encoding being used. Check RFC 4253 secion 6.6 (link) for a detailed, albeit boring, read about why we use ssh-rsa. If I want a comment, I can add a space followed by a comment at the end of the line.

Finally, just to be sure there were no issues with EOL between Windows and Linux, I installed an Atom package called line ending converter. To do this in Atom, I went to settings, chose install and searched community packages for the package. Once it is installed, it can be found under packages at Convert Line Endings to.

So now I have an acceptable key. I ssh to the box via username/password, open .ssh/authorized_keys, paste the key, and I’m good to go.

Or, if you’re the more streamlined type, this whole blog post can be done in one step. But, you wouldn’t learn what’s going on under the hood, and that’s the fun part.

ssh-keygen -i -f putty_key > new_key