VMWare vSphere Remote Access via SSH Tunnel

Port Tunnelling and Host files

Recently I had a need to┬áremotely┬áconnect the VMWare vSphere Client to an ESXi 5 host. I hadn’t got a VPN setup on that particular network yet, and my main remote access was usually to one of the VMs (which didn’t happen to be running at the time – yes, I know, bad move on my behalf…).

Thankfully, I had a couple of Linux server on that network of which I had SSH access to. This meant that I could easily setup a SSH tunnel from my local desktop, to that SSH server, which then forwarded the packets to the ESXi host. This should take less that 60 seconds to setup.

Using PuTTY, I set the server IP just like usual, then proceeded to add some settings to the Connection > SSH > Tunnel menu. The three ports vSphere client needs are 443, 902 and 903. One at a time, add these port numbers to the “Source port” field and the IP:Port to the “Destination” field. The IP address you use is the local IP of the ESXi or vSphere host, such as 192.168.15.51.

It should look something like this:

PuTTY Port Tunnelling for vSphere

Connect your SSH tunnel and login. If you point a web browser towards https://localhost/ you should see the ESXi welcome screen (where you can download the client software). This means the tunnel is working. However, having this isn’t good enough. If you try and connect to vSphere using ‘localhost’, it will chuck a wobbly and refuse to connect.

Instead, we need to go into the hosts file for your computer and create a record and point it back to localhost. This file is located at C:\Windows\system32\drivers\etc\hosts. You may need to grant yourself file permissions to write to this file in Windows 7.

The name you pick isn’t important. As you can see, I called mine ‘esxlocal’. It could easily be ‘lizlemon’ or ‘joshlyman’. It just needs to point back to 127.0.0.1.

Hosts file vSphere Port Tunneling

Once you’ve added this, you can open up the vSphere client and connect using the host name you just set in the hosts file and your usual credentials.

VMWare vSphere Client - Connection Window

This is all you need to connect. You should now have full access to the vSphere console, allowing you to administer your ESXi servers remotely.

Get the Broadcast Technology Newsletter

Sign up for the email newsletter about media and technology. Sent irregularly. No spam.

I'm Anthony Eden, and I'm a broadcast technician / software developer / technology solutions engineer. I've been working in broadcast media since 2008 (getting my start in Community Radio while still at school), and developing software and websites for just as long. Right now, I work in the broadcast industry and provide some freelance services through Media Realm.

Follow Anthony on Twitter: @anthony_eden