Controlling VMware ESXi server from vSphere client via SSH tunnel


Original link: http://www.emsperformance.net/2012/09/09/controlling-vmware-esxi-server-from-vsphere-client-via-ssh-tunnel/

Recently I was facing an issue with accessing ESXi servers in the lab network. This lab network topology is presented below (of course, for this post all IP addresses are changed from the real ones). As one can see, all access to the internal lab network goes through the multihomed server running SSH, VNC and NX.

The problem with controlling ESXi hosts is that the vSphere client can only be installed on a Windows PC, and this lab had no Windows PCs.

SSH port forwarding to the rescue

I figured – OK, I will try to do dynamic ssh port forwarding, but …

vSphere client doesn’t seem to support SOCKS proxy settings, which means that I needed to figure out ports involved in communication between vSphere client and ESXi host and then do ssh local port forwarding.

At this point I had to go to the lab, connect my Windows laptop to the switch and run Wireshark while I was accessing ESXi hosts via the vSphere client. The Wireshark capture showed that the only ports involved in communication on the ESXi side are:

  • 443
  • 902

At this point I left the lab and went back to my desk.

I connected to the SSH server in the lab with the following command:

ssh -L 443:10.0.0.2:443 -L 902:10.0.0.2:902 user@10.1.0.1

Well, actually, since I was on a Windows machine I had to use PuTTY, so my settings were

And I tried to connect via vSphere to 127.0.0.1

vSphere didn’t like that.

And the reason is – our forwarded ports are listening on the localhost 127.0.0.1

But vSphere for some reason resolves 127.0.0.1 to my host name and then resolves my host name to the IP address of the network interface card, which is of course not 127.0.0.1.

I found two possible solutions to that

Solution 1

Updating the Windows hosts file with a bogus host name pointing to 127.0.0.1 helped to fix this issue.

After that modification I was able to connect to ESXi. Accessing console of the VMs worked fine too.

Solution 2

We can tell ssh to bind not to our localhost but to the IP address of the Network Interface Card.

For example, the IP address of my NIC was 192.168.0.32, so I made the following adjustments in PuTTY

After that I was able to connect just by entering 127.0.0.1 in the vSphere IP address field
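
The check below is an added example, not part of the original post: it probes the two forwarded ports (443 and 902) on each candidate local address, which shows why vSphere failed against a loopback-only tunnel and where the Solution 2 listeners actually sit. It goes slightly beyond the post by flagging listeners on a non-loopback address, since those accept connections from other hosts on that network as well. The function names are hypothetical and the addresses are the ones used in the post.

```python
import ipaddress
import socket

ESXI_PORTS = (443, 902)  # ports the post's Wireshark capture found


def listening(addr, port, timeout=1.0):
    """Return True if a TCP connect to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def check_forwards(addresses, ports=ESXI_PORTS):
    """Probe every address/port pair; return {addr: {port: bool}}."""
    return {a: {p: listening(a, p) for p in ports} for a in addresses}


def summarize(results):
    """Turn probe results into one readable line per address."""
    lines = []
    for addr, ports in results.items():
        open_ports = sorted(p for p, ok in ports.items() if ok)
        if not open_ports:
            lines.append(f"{addr}: no forward listening")
        elif ipaddress.ip_address(addr).is_loopback:
            lines.append(f"{addr}: ports {open_ports} open, local machine only")
        else:
            lines.append(f"{addr}: ports {open_ports} open, "
                         "also exposed to other hosts on that network")
    return lines


if __name__ == "__main__":
    # 127.0.0.1 is the default bind used with Solution 1; 192.168.0.32 is
    # the NIC address from the post (Solution 2). Use your own NIC address.
    for line in summarize(check_forwards(["127.0.0.1", "192.168.0.32"])):
        print(line)
```

With the Solution 2 binding, a host firewall rule limiting ports 443 and 902 to the local machine keeps the tunnel from being usable by neighbours while the session is open.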
