Skip to Content

How to Connect to an ESXi host with Ansible

This guide shows you how to prepare an ESXi host, so that Ansible can be used with SSH Key-Based Authentication to automate administration tasks.


Did you know, it’s possible to automate admin tasks on VMware vSphere ESXi hosts with Ansible? For example, you might want to modify the hosts file on hundreds of ESXi hosts in your cluster. Or you could even automate the installation of Lets Encrypt SSL certificates on each host.

This post will show you how to prepare your hosts so that Ansible can communicate with them, allowing you to write playbooks for any kind of task you want to run.

The following steps have been tested on a VMware vSphere ESXi 6.7 virtual machine running on a MacBook Pro.

Step 1: Enable SSH on the ESXi Host

The first thing we need to do is enable SSH on our ESXi hosts. Login to each host via the web client and perform the following steps.

Click Manage.

Click Services, scroll down and click on TSM-SSH, click ActionsPolicy then Start and stop with host.

Click Actions again, then click Start.

Test you can connect to the host via SSH by running the following command at the terminal (replacing with the IP of your host):

$ ssh root@
The time and date of this login have been sent to the system logs.

   All commands run on the ESXi shell are logged and may be included in
   support bundles. Do not provide passwords directly on the command line.
   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please
see for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.


Step 2: Copy your SSH public key to the ESXi Host

You’ll notice in the previous step, a password was required when connecting via SSH. I’ve found Key-Based Authentication works better with Ansible so we’ll configure our host to use it in the following steps.Advertisements

The ssh-copy-id command won’t work with ESXi hosts because the authorized_keys file is in a none standard location.

Assuming you’ve already created a key pair on your local machine, running the following command on each host should copy your public key to the correct location.

cat ~/.ssh/ | ssh root@ 'cat >> /etc/ssh/keys-root/authorized_keys' 

After running the above command you should now be able to login via SSH without using a password.

Step 3: Create Ansible Hosts file

Next, we’ll create an Ansible hosts file by running the following command.

sudo vim /etc/ansible/hosts

Then adding the following contents to the file.



ansible_python_interpreter=/usr/bin/python3 ansible_connection=ssh ansible_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa

Add as many hosts under the [esxi] section as you want, changing the IP or hostname to the ones in your cluster.

Step 4: Test connection the ESXi hosts

Now we should be able to ping all the hosts added the file in the previous step with the following command.

$ ansible esxi -m ping | SUCCESS => {
    "changed": false,
    "ping": "pong"


The steps in this post showed how to enable SSH on an ESXi 6.7 host and how to use key-based authentication to connect without a password.

We then created a simple Ansible hosts file and ran a test command to show that Ansible can communicate with our hosts.

You’re now ready to write complex playbooks to automate administration tasks on ESXi hosts. In the next post, I’ll show you how to use Ansible to generate a Lets Encrypt SSL certificate and install it on multiple ESXi hosts.