Alexandre Takacs (Switzerland) asked:

ESX server SSH login only works from local lan

Hello
For some reason I can't seem to SSH into a recently deployed ESX server 7.0u2 when I am not "sitting" on the LAN. Despite having correct user / pass I get "permission denied".

This is my sshd config - anything obvious?

# Version 7.0.2.1

# running from inetd
# Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

# Fips mode restricts ciphers to only FIPS-permitted ciphers
# FipsMode yes

# vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES)
RekeyLimit 1G, 1H

SyslogFacility auth
LogLevel info

PermitRootLogin yes

PrintMotd yes

TCPKeepAlive yes

# Key algorithms used in SSHv2 handshake
# (ed25519 not allowed by current FIPS module)
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256,hmac-sha2-512

UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication yes

Banner /etc/issue

Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server -f LOCAL5 -l INFO

AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys

# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveCountMax 3
ClientAliveInterval 200

# sshd(8) will refuse connection attempts with a probability of "rate/100"
# (30%) if there are currently "start" (10) unauthenticated connections.  The
# probability increases linearly and all connection attempts are refused if the
# number of unauthenticated connections reaches "full" (100)
MaxStartups 10:30:100

# ESXi is not a proxy server
AllowTcpForwarding no
AllowStreamLocalForwarding no

# The following settings are all default values. They are repeated
# here to simplify auditing settings (for example, DoD STIG).
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
PermitUserEnvironment no
StrictModes no
Compression no
GatewayPorts no
X11Forwarding no
AcceptEnv
PermitTunnel no

# The following settings are disabled during the OpenSSH build.
# They are commented out to avoid spurious warnings in log files.
#GSSAPIAuthentication no
#KerberosAuthentication no
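As an added example (not code from the question or from anyone in the thread), the Python below parses an sshd_config like the one posted and works out which settings apply to a given client address. A Match Address block is the one place where sshd itself, rather than a firewall in the path, could treat off-LAN clients differently; the posted config has no such block, so the Match block in the sample is constructed for illustration, and the function names are my own.

```python
import ipaddress

# Excerpt of the sshd_config posted in the question, plus a constructed
# Match block (NOT in the question) showing what a LAN-only rule looks like.
SAMPLE_CONFIG = """\
# Version 7.0.2.1
PermitRootLogin yes
PasswordAuthentication yes
StrictModes no
# constructed: allow password logins only from the 192.168.1.0/24 LAN
Match Address *,!192.168.1.0/24
    PasswordAuthentication no
"""

def parse_sshd_config(text):
    """Return (global_settings, [(criteria, settings), ...]); keywords lowercased, first value of a repeat wins as in sshd(8)."""
    global_settings, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            current = (value, {})
            blocks.append(current)
        else:
            (current[1] if current else global_settings).setdefault(key, value)
    return global_settings, blocks

def address_matches(pattern_list, ip):
    """OpenSSH pattern-list rule: a matching '!' entry vetoes the list, otherwise any positive hit wins."""
    addr, positive = ipaddress.ip_address(ip), False
    for token in pattern_list.split(","):
        negate, pat = token.startswith("!"), token.lstrip("!")
        hit = pat == "*" or addr in ipaddress.ip_network(pat, strict=False)
        if hit and negate:
            return False
        positive = positive or (hit and not negate)
    return positive

def effective_settings(text, client_ip):
    """Global settings with each matching 'Match Address' block applied on top."""
    base, blocks = parse_sshd_config(text)
    settings = dict(base)
    for criteria, block in blocks:
        parts = criteria.split()
        if len(parts) == 2 and parts[0].lower() == "address" and \
                address_matches(parts[1], client_ip):
            settings.update(block)
    return settings
```

Run `effective_settings` with the real config and the source address of the failing client; if the result is identical to what a LAN client gets, sshd is not the component denying the login.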

Topics: SSH / Telnet Software, VMware, Linux Networking

Anthony Garcia (United States):

From your client where you are attempting to ssh, try using the -vvv flag to make the output of your ssh command extra verbose. That might give you a clue.
If you are able to get into the machine I would also suggest looking at the logs under /var/log/secure or /var/log/authlog depending on your configuration. 
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper):
SSH is enabled?
ESXi shell is enabled?

No firewalls between the ESXi server and wherever you are?

When you are not on the LAN, where are you?
David Favor (United States):

As Andrew asked... "when you are not on the LAN where are you ?"

So mention...

1) IP of your source machine/container where ssh fails.

2) IP of your ESX server.
Scott Silva (United States), asker-certified solution:
Alexandre Takacs (asker):
Turned out to be some weird firewall issue (not exactly sure what, and a little out of time to fully track it down).
Thanks for pointing me in the right direction