ESX server SSH login only works from local lan
Hello
For some reason I can't seem to SSH into a recently deployed ESX server 7.0u2 when I am not "sitting" on the LAN. Despite having correct user / pass I get "permission denied".
This is my sshd config - anything obvious ?
For some reason I can't seem to SSH into a recently deployed ESX server 7.0u2 when I am not "sitting" on the LAN. Despite having correct user / pass I get "permission denied".
This is my sshd config - anything obvious ?
# Version 7.0.2.1
# running from inetd
# Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
# Fips mode restricts ciphers to only FIPS-permitted ciphers
# FipsMode yes
# vPP FCS_SSH_EXT.1.7: rekey after 1GB, 1H (instead of default 4GB for AES)
RekeyLimit 1G, 1H
SyslogFacility auth
LogLevel info
PermitRootLogin yes
PrintMotd yes
TCPKeepAlive yes
# Key algorithms used in SSHv2 handshake
# (ed25519 not allowed by current FIPS module)
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256,hmac-sha2-512
UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication yes
Banner /etc/issue
Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server -f LOCAL5 -l INFO
AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveCountMax 3
ClientAliveInterval 200
# sshd(8) will refuse connection attempts with a probability of "rate/100"
# (30%) if there are currently "start" (10) unauthenticated connections. The
# probability increases linearly and all connection attempts are refused if the
# number of unauthenticated connections reaches "full" (100)
MaxStartups 10:30:100
# ESXi is not a proxy server
AllowTcpForwarding no
AllowStreamLocalForwarding no
# The following settings are all default values. They are repeated
# here to simplify auditing settings (for example, DoD STIG).
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
PermitUserEnvironment no
StrictModes no
Compression no
GatewayPorts no
X11Forwarding no
AcceptEnv
PermitTunnel no
# The following settings are disabled during the OpenSSH build.
# They are commented out to avoid spurious warnings in log files.
#GSSAPIAuthentication no
#KerberosAuthentication no
SSH is enabled ?
ESXi shell is enabled ?
No firewalls between ESXi server and where-ever you are ?
when you are not on the LAN where are you ?
ESXi shell is enabled ?
No firewalls between ESXi server and where-ever you are ?
when you are not on the LAN where are you ?
As Andrew asked... "when you are not on the LAN where are you ?"
So mention...
1) IP of your source machine/container where ssh fails.
2) IP of your ESX server.
So mention...
1) IP of your source machine/container where ssh fails.
2) IP of your ESX server.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
turned out to be some wierd firewall issue (not exacly sure what and a little out of time to fulkly track it down).
Thanks for pointing me in the right direction
Thanks for pointing me in the right direction
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
VMware
VMware, a software company founded in 1998, was one of the first commercially successful companies to offer x86 virtualization. The storage company EMC purchased VMware in 1994. Dell Technologies acquired EMC in 2016. VMware’s parent company is now Dell Technologies. VMware has many software products that run on desktops, Microsoft Windows, Linux, and macOS, which allows the virtualizing of the x86 architecture. Its enterprise software hypervisor for servers, VMware vSphere Hypervisor (ESXi), is a bare-metal hypervisor that runs directly on the server hardware and does not require an additional underlying operating system.
39K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
If you are able to get into the machine I would also suggest looking at the logs under /var/log/secure or /var/log/authlog depending on your configuration.