
SSH Directly to Guestshell on NX-OS

Guest Shell is an LXC container that runs on Nexus switches (if enabled). Typically this separate execution space is accessed from the NX-OS CLI by typing guestshell. This article shows how to enable SSH within the Guest Shell so you can SSH directly to it.

Create User in NX-OS

username cisco password 0 <password> role network-admin

Resize Guestshell

Disable the guestshell, resize resource allocations, re-enable guestshell.

# Disable guestshell to resize allocations
guestshell disable
y

# Resize guestshell allocations
guestshell resize cpu 10
guestshell resize mem 2048
guestshell resize rootfs 1024
guestshell enable

Set up SSHD Service

This assumes you're going to use an IP address in the management VRF, e.g. the mgmt0 interface IP address. If that is not the case, replace "management" in the ExecStart line with the appropriate VRF name.

sudo vi /usr/lib/systemd/system/sshd-management.service
[Unit]
Description=OpenSSH server daemon
After=network.target sshd-keygen.service
Wants=sshd-keygen.service

[Service]
EnvironmentFile=/etc/sysconfig/sshd
#ExecStartPre=/usr/sbin/sshd-keygen #NO LONGER VALID IN GUESTSHELL 4.0
ExecStart=/sbin/ip netns exec management /usr/sbin/sshd -f /etc/ssh/sshd-management_config -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s

[Install]
WantedBy=multi-user.target

Set up SSHD Config

sudo vi /etc/ssh/sshd-management_config
Port 2222
ListenAddress 0.0.0.0

Load & Start Service

sudo systemctl daemon-reload
sudo systemctl start sshd-management.service
sudo systemctl status sshd-management.service -l

# Enable the service to persist through reboots.
sudo systemctl enable sshd-management.service

Set up Authentication

Assign the guestshell "cisco" user the same password that was created in NX-OS.

sudo passwd cisco
sudo usermod -aG wheel cisco

(Optional) Copy pubkey for passwordless login.

ssh-copy-id -i .ssh/id_ed25519.pub -p 2222 cisco@10.10.99.99
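
Because the unit starts sshd with -f /etc/ssh/sshd-management_config, sshd reads only that two-line file and every other keyword falls back to its built-in default, so password logins stay enabled after the optional key step. The script below is an added example, not part of the original article: it audits the effective settings printed by sshd -T, and the helper name audit_sshd and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Audits `sshd -T` output, which
# prints the effective settings as lowercase "keyword value" lines.
# On the guest shell (paths from the article):
#   sudo /usr/sbin/sshd -T -f /etc/ssh/sshd-management_config | audit_sshd

audit_sshd() {   # hypothetical helper name
  awk '
    function warn(msg) { print "WARN " msg; bad = 1 }
    $1 == "port" { port = $2 }
    $1 == "listenaddress" && $2 ~ /^(0\.0\.0\.0|\[::\])(:|$)/ {
      warn("listenaddress " $2 ": bound to every address in the VRF namespace")
    }
    $1 == "passwordauthentication" && $2 == "yes" {
      warn("passwordauthentication yes: passwords accepted even after ssh-copy-id")
    }
    $1 == "permitrootlogin" && $2 == "yes" {
      warn("permitrootlogin yes: root can log in with a password")
    }
    END {
      print "INFO port " (port == "" ? "unknown" : port)
      exit (bad ? 1 : 0)   # non-zero status when any WARN was printed
    }'
}

# Constructed sample: effective settings for the two-line config in the article
# (abbreviated; keywords the file omits are shown at OpenSSH defaults).
SAMPLE_AS_WRITTEN='port 2222
listenaddress 0.0.0.0:2222
permitrootlogin prohibit-password
pubkeyauthentication yes
passwordauthentication yes'

# Constructed sample: the same service with hypothetical tightened settings
# (ListenAddress pinned to the address the article connects to, passwords off).
SAMPLE_TIGHTENED='port 2222
listenaddress 10.10.99.99:2222
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

printf '%s\n' "$SAMPLE_AS_WRITTEN" | audit_sshd || true   # two WARN lines
printf '%s\n' "$SAMPLE_TIGHTENED" | audit_sshd            # INFO line only
```

The non-zero exit status on any WARN lets the check gate a provisioning script before the service is enabled.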
