In this post, we explore how to access a virtual machine hosted on an ESXi server using SSH—that is, how to access and extract files from inside a VM directly via the ESXi host.
The Scenario
Sometimes, while managing VMware environments, you may encounter a situation where a VM’s network configuration appears normal but, due to certain network or system issues, the virtual machine suddenly becomes unreachable from external sources. In such cases:
- The VM fails to respond to ping requests from outside, and it cannot reach external networks (including the gateway).
- The only system that can still access the VM is the ESXi host itself.
When you need to extract files or logs from the VM under these circumstances, you must work through the ESXi host.
Prerequisites for Retrieving VM Files via ESXi
Before you begin, ensure the following:
- Connectivity:
The ESXi host must be able to communicate with the VM (i.e., the VM should be pingable from ESXi). - SSH on ESXi:
SSH must be enabled on the ESXi host. (Make sure the ESX firewall allows SSH client access.) - VM Network Settings:
The VM’s internal network and firewall settings should permit SSH connections, and the SSH service must be running.
For example, if your VM runs Ubuntu Linux, verify that its firewall and SSH daemon are configured correctly by running:
sudo ufw status
sudo systemctl status sshd
You should see that the firewall is disabled and the SSH daemon (sshd) is active.
Additionally, log in to the ESXi host via SSH and review the options for the ssh and scp commands to familiarize yourself with the available parameters.
Copying a File from the VM via ESXi
Once the prerequisites are met, you can retrieve a file from the VM using the following command on the ESXi host. (Note: You must know the complete path of the file within the VM.)
scp <VM_username>@<VM_IP_address>:/full/path/to/file /local_ESXi_directory
For example:
scp root@10.x.x.x:/tmp/test.txt /vmfs/volumes/xxxx
Note:
If you encounter an error such as:
ssh: connect to host 10.x.x.x port 22: Connection timed out
then you need to enable the SSH client on the ESXi firewall by executing:
esxcli network firewall ruleset set --enabled=true --ruleset-id=sshClientAfter enabling this setting, run the scp command again. Once you enter the VM’s password, the file (e.g., /tmp/test.txt) should be successfully copied to the designated directory on the ESXi host.
Summary of Practical Tips
- Accessing VM Files via ESXi:
When external network access is unavailable, use SSH from the ESXi host to access the VM’s files. - Copying Files to ESXi:
Utilize thescpcommand to transfer files from the VM to the ESXi host. - Ensuring Access Despite External Issues:
Enable the SSH client on ESXi so that even if external connectivity fails, you can still access internal VM data.
Mastering the technique of extracting files from a VM via ESXi not only enhances your troubleshooting efficiency but also ensures that critical data remains accessible and secure during routine operations.
VM技术助理
