By default SSH access for the root user is disabled. Which also means SCP access is not available.
Here's the quick run down:
- Login to the ESX Console as root
- Type # vi /etc/ssh/sshd_config from the cmd prompt
- Scroll down the file until you see: PermitRootLogin: no
- Scroll over to the start of the no, hit delete 3 times.
- Hit :i to enter into insert mode, then type yes
- Hit esc to get out of insert mode, then type :wq and hit enter to save the changes.
- Type # grep ‘PermitRootLogin’ /etc/ssh/sshd_config to verify the change was made.
Your best to put a firewall rule on the service console port of your ESX server only allowing access from a few management workstations. I use putty and winSCP to ssh into my ESX Servers. Putty to get to the console and winSCP to transfer ISO images to my NFS share on the NAS.