How to create a SSH Tunnel with vCenter

Published by Valentin on

I’m writing this post because multiple times I forgot how to set up an SSH Tunnel… Also, I want to share with you how I did it, and for me, as a tip, I will re-read this post.

Remark: VMware does not support this procedure; if you run it, it’s at your own risk.

Sometimes in an IT system/consultant/engineer life, you heard that security guys who managed the FW forgot your management firewall flows for your newly deployed application (Shit)… I know most of you face this problem multiple times! Don’t smile.

If it’s the case, this is how-to can help you to save time.

In a vSphere environment most of the time, the management plane is on the same layer. Also if vCenter can access 443/80 (GUI) you can access it through SSH by creating an SSH Tunnel.

Prerequisite:

  • Access on SSH to vCenter
  • Having the root password

Preparation:

  • Log on vCenter through SHH with roots
  • Edit /etc/ssh/sshd_config
    • Change AllowTcpForwarding from no to yes
    • note: I spent time with this parameter… thanks to a Friend for the Tip
  • Restart ssh service
    • systemctl restart sshd

Setup the tunnel:

  • In the category Session type the IP or FQDN of the vCenter in the Hostname field
  • In category Connection
    • Elapse SSH and Select Tunnels
      • Enable Local Ports to accept connections from other hosts
      • Enable Remote ports to do the same (SSH-2 only)
      • Source Port: 8080 (Customizable)
      • Destination: empty
      • Dynamic
      • IPv4
      • Click on Add to create the forwarder
Example of Final Output

Click on Open and connect with the root account.

The tunnel will stay open during all the time that the putty session is working

To verify that the Tunnel is created, just verify with CMD that port 8080 is listening

C:\Users\vcollin>netstat -aon | findstr 8080
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       12612

Using the tunnel:

For using the tunnel, you need to configure your proxy (SOCKS Host) to use the Source port previously defined in Putty, like that

Now you can reach all other HTTP and HTTPS interfaces that are reachable from vCenter.

Cheers,

Valentin

Post Views: 227
Categories: vCenter
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

SDDC

ESXi Maintenance mode : Failed to enter namespaces maintenance mode

ESXi Maintenance mode : Failed to enter namespaces maintenance modeAfter time of investigation, I found that there is one certificate expired: WCP

SDDC

Proxy enable: Failed to deploy OVF Package

With time, and the evolution of vSphere products like VMware Lifecycle Manager; it’s possible that you stopped to use UMDS service (Update Manager Download Service). For just enabling the proxy feature on the vCenter management Read more…