Unable to SSH to ESXi host
Article ID: 419885
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
Symptom:
- "SSH for the host has been enabled" prompt is not seen on the host.
Example from a host where SSH service is enabled and the prompt is seen on the Summary tab of the host - - SSH service is running on the ESXi host but still the user is unable to access CLI from any tools which supports ssh protocol like putty.
- Login to DCUI console from hardware interface like iLO (Accessing Direct Console User Interface (DCUI) from an SSH session) and confirm the following:
- Port 22 connectivity
[root@esxi02:~] esxcli network ip connection list | grep LISTEN | grep :22tcp 0 0 0.0.0.0:22 0.0.0.0:0 LISTEN ####### newreno busyboxtcp 0 0 192.#.#.#:2233 0.0.0.0:0 LISTEN ####### newrenotcp 0 0 127.#.#.1:2233 0.0.0.0:0 LISTEN ####### newreno
- Port 22 connectivity
-
- Following services are in running state on the ESXi host:
-
[root@esxi02:~] /etc/init.d/SSH statusSSH login is started
-
- Following services are in running state on the ESXi host:
-
-
[root@esxi02:~] /etc/init.d/hostd statushostd is running.
-
-
-
[root@esxi02:~] /etc/init.d/vpxa statusvpxa is running
-
Environment
VMware vSphere ESXi
Cause
- Host's firewall SSH Server service is manually configured by the user to connect through only a specific IP.
Example -[root@esxi02:~]esxcli network firewall ruleset allowedip list --ruleset-id=sshServer
Ruleset Allowed IP Addresses
---------- --------------------
sshServer 10.#.#.#
Resolution
- Select problematic host > Configure > Firewall > Edit > Secure Shell > select, SSH Server > Enable the toggle box for "Allow connections from any IP address" > OK.
Example -
or, use CLI to run the below command on the host -[root@esxi02:~] esxcli network firewall ruleset set --ruleset-id=sshServer --allowed-all=true
Feedback
Yes
No
Powered by
