• The Host Client UI (web interface) is accessible, and the host is successfully connected and managed by vCenter Server.
• However, attempts to connect to the ESXi host via Secure Shell (SSH) fails even though SSH service is enabled and running on the host.

VMware ESXi

• Default route for ESXi host is configured on a non-management VMkernel interface.
• Management VMkernel adapter, typically vmk0, is assigned a gateway IP address that is not on the same IP subnet as the vmk0 IP address.
• ESXi host's default route is therefore incorrectly directed through a gateway associated with a different network or another VMkernel adapter.
• This misrouting causes received packets for incoming SSH connections to be sent out the wrong interface, resulting in a connection failure or timeouts.
• This can be verified by accessing the DCUI of the ESXi host post enabling shell and by running the command below
  • • esxcfg-route -l

A sample snippet

• In this case, the default route is on vmk1 instead of vmk0 where the management interface is enabled.

• Access the DCUI of the ESXi Host --> Configure management network --> IPv4 configuration/IPv6 configuration.
• Ensure the correct gateway IP for Management network is within the subnet.

Refer to the article to know more about accessing ESXi host DCUI screen --> Accessing DCUI/Console of ESXi using ALT+F Keys

Refer to the article to know more about configuring static routes on the ESXi host --> Configuring static routes for vmkernel ports on an ESXi host