VMware Cloud Community
fusebox
Enthusiast

Unable to ssh/scp from one esx host to another (but able to ssh to individual esx hosts via putty)

Hi,

I have 3 esx hosts in the same network and they are able to communicate with each other without any problem. Everything is working as it's supposed to except the ssh. I am unable to ssh/scp from one esx host to another (as root or an unprivileged user). PermitRootLogin is set to yes in sshd_config. It used to work earlier. Don't know why it stopped working out of the blue. The esx firewall is turned off and I tried restarting the sshd service, no use. I am getting connection refused error at port 22.

The strange thing is I am able to ssh to each server from putty individually. But when I try to ssh from one box to another from the same terminal, it's just not working. Any ideas as to why this problem cropped up and how I can fix it? I haven't made any changes or updates to the esx hosts. The ssh settings also seem to be fine.

Accepted Solutions
lamw
Community Manager

Yep, happens all the time when you either reboot or HA gets re-configured. It's better to just open the SSH port on the ESX Firewall, it's more of a hassle to keep turning it off.

esxcfg-firewall -e sshClient sshServer

6 Replies
lamw
Community Manager

You can watch /var/log/messages or /var/log/secure with tail -f while you log in; this might be able to tell you what exactly is going on. Are these two hosts on the same subnet? Are you logging in via IP address or hostname?

You can also verify that /etc/hosts.deny & /etc/hosts.allow don't have any special ACLs blocking addresses.

weinstein5
Immortal

By default the service console firewall is set to block SSH Client - which means you cannot SSH from the service console to another device enabled for SSH - so either in the VI Client you will need to enable SSHClient or enable it through the command line using esxcfg-firewall. But it sounds like you had it configured once - do not know why it would stop unless someone went in and modified the firewall.

fusebox
Enthusiast

Ok. This issue is resolved. I noticed that the outgoing connections on all the 3 esx hosts were blocking the sshserver connections. Found out that our team had rebooted all the 3 hosts last week, after which the firewall by default blocked the outgoing sshserver connections when they came back up. Opened the outgoing ports in the esx firewall and now everything is working fine.

Thanks a lot for the inputs.

fusebox
Enthusiast

Yes! You are right. I don't know if someone modified the firewall or the esx server after the reboot modified it to the default settings. So, when I was checking the firewall status and the netstat commands, I found that outgoing connections were being blocked, which surprised me as I remember opening those ports explicitly to avoid this problem post installation.

lamw
Community Manager

You can check to see what your configurations are currently with esxcfg-firewall -q and just verify that it's configured the way you want and disable any services you don't use; we disable some of the management APIs like CIM, IBM, etc. and other services. Also make sure esxcfg-firewall is set to autostart by checking your chkconfig for "firewall" (chkconfig --list firewall) to make sure it's enabled to run on the correct runlevels.
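
The checks described in the last reply, written as a small shell audit that could be run after a reboot or HA reconfiguration (an added example, not part of the original thread and not VMware's own tooling). The sample outputs are constructed, and the "Enabled services:" line format, the allowlist and runlevels 3 and 5 are assumptions to adjust for your hosts.

```shell
#!/bin/sh
# CONSTRUCTED sample of `esxcfg-firewall -q` output after a reset to defaults.
# ASSUMPTION: the output has a line "Enabled services: <name> <name> ...".
SAMPLE_FW='Incoming and outgoing ports blocked by default.
Enabled services:  CIMSLP ntpClient sshServer CIMHttpServer
Opened ports:'
# CONSTRUCTED sample of `chkconfig --list firewall` output.
SAMPLE_CHK='firewall  0:off 1:off 2:on 3:on 4:on 5:on 6:off'

# enabled_services "<query output>": print enabled service names, one per line.
enabled_services() {
    line=$(printf '%s\n' "$1" | sed -n 's/^Enabled services:[[:space:]]*//p')
    for name in $line; do printf '%s\n' "$name"; done   # word splitting intended
}

# missing_services "<query output>" "<required>": required services not enabled.
missing_services() {
    enabled=$(enabled_services "$1"); out=""
    for svc in $2; do
        printf '%s\n' "$enabled" | grep -qxF "$svc" || out="$out $svc"
    done
    printf '%s\n' "${out# }"
}

# unexpected_services "<query output>" "<allowlist>": enabled but not allowed.
unexpected_services() {
    out=""
    for svc in $(enabled_services "$1"); do
        case " $2 " in *" $svc "*) ;; *) out="$out $svc" ;; esac
    done
    printf '%s\n' "${out# }"
}

# firewall_autostart_ok "<chkconfig line>" "<runlevels>": true if on in each one.
firewall_autostart_ok() {
    for rl in $2; do
        printf '%s\n' "$1" | grep -q "^firewall.*[[:space:]]${rl}:on" || return 1
    done
}

# Report against a hypothetical allowlist for these hosts.
ALLOW="sshClient sshServer ntpClient"
echo "missing:    $(missing_services "$SAMPLE_FW" "sshClient sshServer")"
echo "unexpected: $(unexpected_services "$SAMPLE_FW" "$ALLOW")"
firewall_autostart_ok "$SAMPLE_CHK" "3 5" && echo "autostart:  ok"
```

On a host, pass "$(esxcfg-firewall -q)" and "$(chkconfig --list firewall)" in place of the sample variables.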