Portal Home > Knowledgebase > VMware Knowledge Base > Configuring the ESX host firewall for SSH

Configuring the ESX host firewall for SSH

Purpose

This document guides you through configuring the ESX host firewall for SSH access.

Resolution

To ensure that the SSH service is enabled in the ESX host firewall through the VMware Infrastructure/vSphere Client:
  1. Log in to VirtualCenter/vCenter Server or directly to the ESX host with the vSphere Client as an administrative user.
  2. Click the ESX host in the inventory.
  3. Click the Configuration tab.
  4. Click the Security Profile Link.
  5. Review the Firewall properties and ensure that SSH Server is listed under Incoming Connections. If SSH Server is not listed:
    1. Click Properties.
    2. Select the SSH Server check box.
    3. Click OK.

      Note: If you want to be able to use SSH from the ESX host, ensure that the SSH Client option is checked using the same steps as outlined above.

Alternatively to enable this from the ESX service console: 

  1. Log in to the ESX service console as root .
  2. Type this command to determine if the sshServer port is enabled on the firewall:

    [root@server]# esxcfg-firewall -q sshServer

    Note: If you receive the error bash: esxcfg-firewall: command not found, execute:

    su - and press Enter to try again.


  3. Type this command to open the firewall port in case it is blocked:

    [root@server]# esxcfg-firewall -e sshServer


Note: To close the SSH server port, type esxcfg-firewall -d sshServer.

Note: If you want to be able to use SSH from the ESX host, sshClient must be enabled using the same steps as outlined above.

Based on VMware KB 1003808

Also Read

Language: