Portal Home > Knowledgebase > VMware Knowledge Base > Changing the port used by SSH on an ESXi 5.0 host

Changing the port used by SSH on an ESXi 5.0 host


Some environments have requirements for the ports utilized by a particular service. This method provides a workaround to allow ESXi 5.x to use a different port for SSH.


When making modifications, they are not normally persistent across reboots, you need a place holder where you can put the files to be able to copy them at boot time, a VMFS volume, for example.

  1. Open the required firewall ports. For more information, see User defined xml firewall configurations are not persistent across ESXi host reboots (2007381).

    This example shows a rule set .xml file to open TCP, port 2222:

    SSH 2222



  2. Copy /etc/services to permanent storage (it can be on the same location as the firewall rules are stored, such as /vmfs/volumes/datastore1/hostname_etc/).
  3. Edit the copy of services on permanent storage to and change the port for SSH.

    ssh 2222/tcp # SSH Remote Login Protocol
    ssh 2222/udp # SSH Remote Login Protocol

  4. Edit /etc/rc.local so the created files are copied back to host at boot time. These example lines would be added at the end of the file:

    #Copy the new firewall rule from vmfs place holder to file system
    cp /vmfs/volumes/datastore1/etc/ssh_2222.xml/etc/vmware/firewall/
    #refresh firewall rules
    esxcli network firewall refresh
    #Copy the modified services file from vmfs place holder to file system
    cp /vmfs/volumes/datastore1/etc/services/etc/services
    #Restart inetd to get the changes
    kill -HUP `cat /var/run/inetd.pid`

  5. Reboot the host, and attempt to connect to the host on the chosen port to verify that the changes were successful.

Based on VMware KB 2011818

Also Read