VMware Cloud Community
JeremeyWise
Enthusiast

ESXi 7 - SSH / SCP between hosts

 

I am clawing through issues to ignite small ROBO office builds and also POC / lab spaces where hardware is minimal.  One of my main issues is where EVC needs to be set... and vSAN can't join the cluster without that set, and not mess itself up afterwards.

 

One task I need to get down is how to, once the cluster is set up with EVC, shut down vCenter and copy it out from the local VMFS volume of one host to another host... import... boot it up (which is now with EVC enabled).  I saw this may be fixed with "per host EVC settings" but can't find any real examples... a command-line means to do this with esxcli or via direct VM configuration file edit...  but... I digress...

Question:  I can SSH into each host... done.  But I can't SSH from one ESXi host to another.  I can SSH to myself (which is just a baseline). I can SSH from another Linux host on the network (so SSH works and also no firewall issue). I can ping... but not SSH... and the main goal would then be to "scp".

I swear you used to be able to do this in pre-7 versions... this is one of those... hmm... that should just work...  What is weird is that to get around this you just disable the firewall.  It has something to do with an outbound rule.

####


[root@thor:~] ssh root@odins.penguinpages.local -vvv
OpenSSH_8.3p1, OpenSSL 1.0.2x-fips 8 Dec 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug2: resolving "odins.penguinpages.local" port 22
debug2: ssh_connect_direct
debug1: Connecting to odins.penguinpages.local [172.16.101.102] port 22.
debug1: connect to address 172.16.101.102 port 22: Connection timed out
ssh: connect to host odins.penguinpages.local port 22: Connection timed out
[root@thor:~] vmkping -d 172.16.101.102 -I vmk1 -c 3 -s 8972
PING 172.16.101.102 (172.16.101.102): 8972 data bytes
8980 bytes from 172.16.101.102: icmp_seq=0 ttl=64 time=0.510 ms
8980 bytes from 172.16.101.102: icmp_seq=1 ttl=64 time=0.471 ms

--- 172.16.101.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.471/0.490/0.510 ms

[root@thor:~] esxcli network firewall set --enabled false
[root@thor:~] ssh root@odins.penguinpages.local
The authenticity of host 'odins.penguinpages.local (172.16.101.102)' can't be established.
ECDSA key fingerprint is SHA256:SPulRLB9pU2nIDrg0632rlxuTFI9noamhGWmIu+SMNI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'odins.penguinpages.local,172.16.101.102' (ECDSA) to the list of known hosts.
Password:
The time and date of this login have been sent to the system logs.

WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@odin:~] exit
Connection to odins.penguinpages.local closed.
[root@thor:~]

 

 


Nerd needing coffee
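
The session in the post above gets outbound SSH working by switching off the whole ESXi firewall. As an added example (not part of the original post), the script below reads the firewall state and prints the narrower change: turn the firewall back on and enable only the outbound SSH client ruleset. It assumes outbound SSH is governed by the `sshClient` ruleset, and the sample outputs embedded in it are constructed.

```shell
#!/bin/sh
# Constructed samples in the layout of `esxcli network firewall get` and
# `esxcli network firewall ruleset list` (a real host lists many more rulesets).
SAMPLE_FIREWALL='   Default Action: DROP
   Enabled: false
   Loaded: true'
SAMPLE_RULESETS='Name                      Enabled
------------------------  -------
sshServer                    true
sshClient                   false
nfsClient                   false'

# Print the firewall's Enabled value from `firewall get` output on stdin.
firewall_enabled() {
    awk '$1 == "Enabled:" { print $2 }'
}

# Print the Enabled value of ruleset $1 from a listing on stdin, or "missing".
ruleset_state() {
    awk -v name="$1" '$1 == name { print $2; found = 1 }
                      END { if (!found) print "missing" }'
}

# $1 = `firewall get` output, $2 = ruleset listing.
# Prints the commands that restore the firewall and open only outbound SSH.
plan_outbound_ssh() {
    [ "$(printf '%s\n' "$1" | firewall_enabled)" = "true" ] ||
        echo "esxcli network firewall set --enabled true"
    case "$(printf '%s\n' "$2" | ruleset_state sshClient)" in
        true)  ;;
        false) echo "esxcli network firewall ruleset set --ruleset-id sshClient --enabled true" ;;
        *)     echo "# sshClient ruleset not found in listing" ;;
    esac
}

# On an ESXi host read the live state; elsewhere use the constructed samples.
if command -v esxcli >/dev/null 2>&1; then
    fw=$(esxcli network firewall get)
    rs=$(esxcli network firewall ruleset list)
else
    fw=$SAMPLE_FIREWALL
    rs=$SAMPLE_RULESETS
fi
plan_outbound_ssh "$fw" "$rs"
```

The script only prints the commands; once the copy is finished the ruleset can be closed again with the same command and `--enabled false`.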
christianZ
Champion

Hi,

I would do this with the Veeam VM (with test license), i.e. replication of VMs from one host to another.

That will be running over the VM network, so one needs to be patient.

Done it this way many times.

 

Reg

Christian