PowerCLI Series – sample useful scripts – stop SSH

Hello again,

In part 1 I helped you to get PowerCLI working.  Now we are going to look at some scripts that are very useful.  I am not a developer of scripts, but rather a consumer.  I can tweak them as necessary but I rather find something I need that is very close and that complete it.

This all starts where we finished before.  In PowerCLI and ready to work.

The first script is called AllHostsSSHStop and that is what it does.  The usage would be as below.

.\AllHostsSSHStop.ps1 vc_name

This will connect to the vC you specified, and will disable SSH on each of the hosts.  See below for what this will look like.


So a handy script for those that find your cluster(s) with a bunch of yellow alerts on SSH being enabled.  I do know some that think it is ok to leave SSH on all of the time, but I disagree and think the smallest attack surface reasonable is best.  So I like to have SSH not running if I don’t need it.

Lets see what the script looks like.

[code language=”powershell”]
# ———————————————————-
# Get all esx hosts and do something …
# DGress – 1/4/12
# MWhite – 1/5/12
# MWhite – 7/30/13 – repurpose for SSH off, etc
# ———————————————————-

$servername = $args[0]

# —— Test server name passed ——
if ($servername -eq $null) {
Write-Host "Error .. You must supply a vC name"
} else {
# — Always disconnect, reconnect ( prob better way)
Write-Host "Connecting to [$servername]"
Disconnect-ViServer -Confirm:$False
connect-viserver $servername

write-Host "StandBy .. gathering data!"

#— Get all hosts and keep only the name
$esxs = Get-VMHost | select name

# —- Main loop for every esx host ——–
foreach ($esx_host in $esxs) {

# ——–work to do ——–#
Write-Host "Processing Host –>" $esx_host.name
Get-VMHostService $esx_host.name | Where { $_.Key -eq “TSM-SSH”} | Stop-VMHostService -Confirm:$False | Out-null

} # End loop

We can see a number of things in the script.    In the Test Server name passed section (line 10) it is just making sure we tell the script what vC we want to work with.  After that it is making sure we care connected to the vC.  This in case you forgot to do that.  Than in line 24 the script is getting access to the names of the hosts.  In line 27 we have the loop that is run once for each host.  Line 31 is the payload.  In this case it stops SSH, but it could do other things as well.

The important thing to understand, is that this script has been used for a bunch of things.  But we only ever change the line near the end that starts Get-VMHostService – line 31.  That line can be replaced with whatever you need done.  And than when the script is run, that line will be executed for every host attached to the vC you point the script at.

So you have a new script, that connects to vC, and than for every host it fines there, it will stop SSH.  And you know how you can change the payload of the script – right?

As always, questions and comments welcome.  BTW, you can copy the script above and paste it into notepad, and call it whatever you want – with a .ps1 at the end – and move it to the scripts folder you have and you will be ready to go.


Part 1 – Getting Started with PowerCLI

2 thoughts on “PowerCLI Series – sample useful scripts – stop SSH

  1. This one-liner works too:

    get-VMHost -name *.*.* | Get-VMHostService | Where {$_.Key -eq “TSM-SSH”} | Stop-VMHostService

    Where *.*.*is a wildcard for your hosts

Leave a Reply