Summary: How to change a config file on multiple esx servers using ssh.
Date: Around 2015
Refactor: 6 April 2025: Checked links and formatting.

I want to change a config file on multiple esx servers to solve the problem that after updating them to ESX version 4.1 I can't copy/paste into the VM console anymore. The solution is to add two lines to the /etc/vmware.config file. But I don't want to log on to each host and make the change. And ssh doesn't allow for passwordless logons unless you use key authentication. In this case I didn't want to do key authentication so created and used this script to solve my problem.

Some information to understand what the script does to bypass security checks from SSH:

• ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
  • The UserKnownHostsFile parameter specifies the database file to use for storing the user host keys (default is ~/.ssh/known_hosts).
  • The /dev/null file is a special system device file that discards anything and everything written to it, and when used as the input file, returns End Of File immediately.
  • By configuring the null device file as the host key database, SSH is fooled into thinking that the SSH client has never connected to any SSH server before, and so will never run into a mismatched host key.
  • The parameter StrictHostKeyChecking specifies if SSH will automatically add new host keys to the host key database file. By setting it to no, the host key is automatically added, without user confirmation, for all first-time connection. Because of the null key database file, all connection is viewed as the first-time for any SSH server host. Therefore, the host key is automatically added to the host key database with no user confirmation. Writing the key to the /dev/null file discards the key and reports success.

Note that this script requires expect on box where you run this script. You can check by issuing

which expect

which should return with where the executable can be found on your system.

You can't use variables that need to be executed on the remote host. Variables are parsed before they are executed on the remote host by expect/spawn so that won't work:

spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $HOST -l root \"iso=`cat $configfile | grep isolation | wc -l`; if [ $iso != "0" ]; then echo "skip host $host"; else echo $append1 >> $configfile; echo "$append2" >> $configfile; fi;\";\

As you can see I used a variable for the configfile to check whether the configfile already has the required lines in it. I thought it would be nice check, especially because on the command line on the esx host this worked:

iso=`cat $configfile | grep isolation | wc -l`; if [ $iso != "0" ]; then echo "skip host"; else echo $append1 >> $configfile; echo "$append2" >> $configfile; fi

However, as explained this didn't work an I replaced to just show the number of lines it had with isolation so I could check manually for double lines if required.

#!/bin/sh
#
 
# Variable
configfile="/etc/vmware/config"
append1='isolation.tools.copy.disable = FALSE'
append2='isolation.tools.paste.disable = FALSE'
 
stty -echo;
read -p "Input password:" A;
stty echo;
echo;
 
for HOST in esxbox501 esxbox84 esxbox79 esxbox52 esxbox78\
 esxbox51 esxbox53 esxbox54 esxbox76 esxbox77 esxbox71\
 esxbox72 esxbox12 esxbox13 esxbox09 esxbox10 esxbox14\
 esxbox15 esxbox16 esxbox17 esxbox18 esxbox20 esxbox19\
 esxbox21 esxbox59 esxbox60 esxbox68 esxbox69 esxbox63\
 esxbox64 esxbox85 esxbox62 esxbox61
do
 
echo "Connecting to $HOST"
expect -c "set timeout -1;\
spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $HOST -l root \"cat $configfile | grep isolation | wc -l; echo $append1 >> $configfile; echo $append2 >> $configfile;\";\
match_max 100000;\
expect *password:*;\
send -- $A\r;\
interact;"
echo "Finished job on $HOST"
 
done