Every once in a while I hit a topic that I just can’t find any information on. This happens to be one of those topics. If you want to change the SSH port on ESXi 5.x, no problem: VMware provides you with a Knowledge Base article on that, and someone made it a little clearer in a blog post. But nowhere could I find any procedure that worked for ESXi 6.0, so here I am writing this article. After 5 hours of messing around and not being able to log in, having to reset the server settings each time, I feel the need to share my findings with everyone, hoping that it will ease the burden on those looking to find answers.

The steps in this article are much like those given for ESXi 5.x; however, some changes made in ESXi 6.0 make the other tutorial obsolete.

Step 1:

We need to copy 2 files to persistent storage.  We are not going to create new ones, simply copy the existing ones, as we will be overwriting the originals on every boot.  Now I use the term copy loosely, because if you actually copy the files, you won’t be able to modify them, as the copy carries over the read-only permissions.  So we will cat them instead.

Switch into the Volumes directory, as we need to find a volume to cat our files to.

Now you will need to list the volumes so we can choose one.

You will see a bunch of entries that look like this 570479cf-dfb956ef-edbf-934ce1239048 as well as some other named files; in my case there were datastore1 through datastore4.  I chose datastore1.

You will note at this point that the directory changed to its alphanumeric equivalent, as datastore1 is simply a symlink. So you will see that you are in a directory that looks like this:

Take note of it, as you will need to copy the full actual path into a file later; the datastore1 path will NOT work.

Once you are in this directory we can cat the two files we need to modify:

Please note: for some, the below-mentioned file may be “service.xml” and not “service.xml”. Please make sure you are modifying the correct file.

Now that we have an editable copy of the files on a persistent datastore, it’s time to edit them.

Step 2:

Open the service.xml file we just made in the datastore using your favourite editor. I usually use vim (vi for short), but you can use nano as well.  Make sure you are in the actual datastore directory from Step 1.

You will see a bunch of entries; the first one should have an id of sshServer.

In this section you will see a <port></port> tag which has the port number 22 specified. Change this to your desired port (2222 in this article).

Save the file.  This changes the firewall rules so that port 2222 is used instead of 22.

Step 3:

Now we will need to edit the services file. This file dictates which services attach to which ports.

Scroll down until you see the entries for ssh on port 22 and change them to port 2222.

Save the file.

Step 4:

As we now have our files modified to have the right ports associated with ssh, we need to make sure the server uses our modified files and not the files it uses by default.  To do this we need to edit the /etc/rc.local.d/local.sh file, which is used to execute commands during boot:

If this is the first time editing this file, it should be empty save for a few commented-out lines stating not to use this file unless you know what you are doing, and an “end 0” line at the very bottom.  You will put the following code between the comments and the “end 0” line:

This is where you need to remember the alphanumeric string that is your datastore.  Here is what mine looked like:

The first line overwrites the default firewall rules with the ones we specified.
The second line refreshes the firewall, activating the new rules.
The third line overwrites the services file, which tells the system which ports to bind to the services.
The fourth line restarts the network services.

Step 5:

Reboot.  Once the server comes back online, you will be able to access ssh on port 2222 instead of 22.
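
Steps 1 to 3 can also be scripted rather than edited by hand, which keeps the port change confined to the sshServer entry. The following is an added example, not code from the original article: the function names, the `demo` helper and its sample files are constructed for illustration, and it assumes service.xml keeps each `<id>` and `<port>` tag on its own line as in the sample.

```shell
#!/bin/sh
# Added example, not from the original article: Steps 1-3 as functions.

# Step 1: datastoreN names are symlinks; print the real directory behind one.
resolve_store() { ( cd "$1" && pwd -P ); }

# Step 1: cat (not cp) so the copies do not inherit read-only permissions.
make_copies() {  # args: <service.xml> <services> <destination dir>
    cat "$1" > "$3/service.xml" && cat "$2" > "$3/services"
}

# Accept only a decimal port in 1..65535 (no leading zero, at most 5 digits).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# Step 2: rewrite <port>22</port> only inside the sshServer service block,
# leaving any other rule that mentions port 22 untouched.
set_firewall_port() {  # args: <service.xml copy> <port>
    valid_port "$2" || return 1
    sed "/<id>sshServer<\/id>/,/<\/service>/s|<port>22</port>|<port>$2</port>|" \
        "$1" > "$1.new" && mv "$1.new" "$1"
}

# Step 3: move the ssh tcp and udp entries in the services copy.
set_services_port() {  # args: <services copy> <port>
    valid_port "$2" || return 1
    sed "s|^\(ssh[[:space:]][[:space:]]*\)22/|\1$2/|" "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# Constructed sample input: a symlinked "datastore" and two tiny source files.
# Prints the resolved directory that holds the edited copies.
demo() {
    d=$(mktemp -d) && mkdir "$d/570479cf-example" &&
        ln -s "$d/570479cf-example" "$d/datastore1" || return 1
    printf '%s\n' '<service><id>sshServer</id><rule>' '<port>22</port>' \
        '</rule></service>' '<service><id>sshClient</id><rule>' \
        '<port>22</port>' '</rule></service>' > "$d/fw.xml"
    printf 'ssh\t22/tcp\nssh\t22/udp\nsmtp\t25/tcp\n' > "$d/svc"
    store=$(resolve_store "$d/datastore1")
    make_copies "$d/fw.xml" "$d/svc" "$store" &&
        set_firewall_port "$store/service.xml" 2222 &&
        set_services_port "$store/services" 2222 &&
        echo "$store"
}
```

Calling `demo` runs the edits on the constructed files only; on a host, pass the real source files and the resolved datastore directory to `make_copies` and diff the copies against the originals before Step 4.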