Configure and report the ESXi host TSM-SSH service using PowerCLI

A customer contacted me the other day asking for a way to verify if the ESXi host TSM-SSH (SSH) service is running, and if so:

  • Turn off the TSM-SSH service.
  • Send an e-mail report including all ESXi hosts where the TSM-SSH service was stopped.

The customer’s vSphere administrators sometimes enable the ESXi host TSM-SSH service for troubleshooting purposes but forgets (or intentionally) leaves it running. A running ESXi host TSM-SSH service violates both the customer’s design and regulations.
Screen Shot 2013-06-13 at 13.07.52
I have previously written a blog post how to verify the ESXi host BPDU setting, change it if needed and send an e-mail report so i decided to use the same approach.

Use the below script to verify if the ESXi host TSM-SSH service needs to be stopped, stop it and send en e-mail report.
Change the red marked text in the script to your required values.

# ESXi Host TSM-SSH verification and configuration

# Version 1.0 Magnus Andersson
# Start of script parameters section
$vcenter = “vc-demo01.rtsvl.local
$vcenteruser = “hometestuser
$vcenterpw = “notsecret

$sendFrom = “vCenter@home.test
$sendTo = “magnus@home.test
$smtp = “smtp.home.test
# Connect to vCenter Server
connect-viserver $vcenter  -User $vcenteruser -Password $vcenterpw
# Verify if any configuration changes are necessary and if so, perform the configuration changes.
$SSHrunning = @()
get-vmhost | % {
if ($_ |Get-VMHostService | ?{$_.key -eq “TSM-SSH”} | ?{$_.Running -eq $true})
$SSHrunning +=$_.Name
Stop-VMHostService -HostService ($_ | Get-VMHostService | ?{ $_.Key -eq “TSM-SSH”} ) -Confirm:$false
# Send e-mail report
send-mailmessage -to $sendTo -from $sendFrom -Subject “Report – The TSM-SSH (SSH) service has been stopped for the following ESXi hosts ” -smtpserver $smtp -body ($SSHrunning | out-string)

The below figure shows the e-mail report you’ll receive if any ESXi hosts TSM-SSH service was stopped by the script.
Screen Shot 2013-06-13 at 13.34.17

The customer choose to schedule the above script on a daily basis the but i don’t know if they used the information in my blog post Schedule PowerCLI script in Windows task scheduler or not.