无法在群集中不同主机上的来宾VM之间进行SSH SSH

Question

I'm having problems SSH'ing between ESXi guests that are on different hosts within the cluster. I've one guest that is on the routable cluster virtual network that I am using as a bastion server to access guests on a private network - the distributed port group spans all hosts.

I'm using SSH ProxyJump to route through the bastion host to the other guest VM's. When the guests on the private network are on the same cluster host as the bastion there is no problem. When the guests are on a different host, I get a connect refused by the remote server error. If I manually migrate the VM to the same cluster as the bastion, the error goes away.

I found this answer which relates to SSH'ing between ESXi hosts, not guests on hosts, and suggests that SSH Client needs to be allowed on the outgoing firewall of each host. It seems like it could be relevant, but my vSphere knowledge is limited and I don't have sufficient admin rights to make this change myself.

I'd be grateful if anyone could confirm if my inability to SSH between guests on different hosts is as a result of not having SSH Client enabled in the outbound firewall or if there is some other reason why I can't get an SSH connection?

Answer 1

From the link you posted:

You need to open the required ssh ports in the ESXi firewall.

In the vSphere Client check the host -> Configuration -> Security Profile -> Firewall -> Properties

and enable "SSH Client" if you need outgoing scp connections resp. "SSH server" if you want to enable incoming scp connections.

Instead of opening SSH client for outgoing firewall of each host, please configure it this way:

Outgoing Server Receiving Server SSH Client -> Outgoing firewall -> Incoming firewall -> SSH Server

Answer 2

这是一个潜在的网络问题-物理交换机丢弃了我的VLAN标记的数据包，因为未在其上配置VLAN ID。