Sean, I think I would agree with Brad using Guac as an access method to the
ESXi SSH consoles as a better security stance.

1. ESXi host firewalls can be configured to only allow SSH from those Guac sources.
2. Guac as of 1.5.1 can be configured to record user interaction sessions.
3. Guac history can show what users are accessing ESXi as root.
4. If you're using a secrets store, users won't need to know root passwords.

All that said, however, I don't know why Brad's having the connection issues.
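Point 1 of the reply above, as an added example that is not part of the original thread: a dry-run shell script that prints the `esxcli` firewall commands restricting the ESXi `sshServer` ruleset to the Guacamole hosts. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (dry run) the esxcli commands that limit an ESXi host's
# sshServer firewall ruleset to the Guacamole (guacd) source addresses.

# Succeeds if $1 is an IPv4 address, optionally with a /0-32 prefix.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; digits and dots only, so no globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the command sequence for the given sources, or fails without output.
build_ssh_lockdown() {
    if [ $# -eq 0 ]; then
        echo "refusing: with no allowed source, SSH would be closed to everyone" >&2
        return 1
    fi
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # allowed-all is switched off first, then each permitted source is added
    echo "esxcli network firewall ruleset set --ruleset-id sshServer --allowed-all false"
    for src in "$@"; do
        echo "esxcli network firewall ruleset allowedip add --ruleset-id sshServer --ip-address $src"
    done
    # final command lists the resulting allow-list for review
    echo "esxcli network firewall ruleset allowedip list --ruleset-id sshServer"
}

# Usage: sh lockdown.sh 10.20.30.5 10.20.31.0/28   (constructed addresses)
if [ $# -gt 0 ]; then build_ssh_lockdown "$@"; fi
```

Review the printed commands before running them in the ESXi shell of each host.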

From: Sean Hulbert <shulb...@securitycentric.net.INVALID> 
Sent: Monday, June 5, 2023 11:30 AM
To: user@guacamole.apache.org
Subject: RE: SSH Connections --- VMWare Hosts

It is fundamentally a bad idea to go directly to your HOST VMware server;
you should use a jumper (utility) VM with connection to the Host on the
backend, like Windows Server 2019 or 2022.

Thank You

Sean Hulbert

From: Brad Turnbough [mailto:bturnbo...@backlundinvestment.com] 
Sent: Monday, June 5, 2023 9:00 AM
To: user@guacamole.apache.org
Subject: SSH Connections --- VMWare Hosts

Hi All,

I'm attempting to connect to VMWare ESXi 7.0 hosts from guacamole.  I'm not
running anything out of the ordinary.

SSH is running and accessible from the Guacamole host.  I can log into the
VMWare host via ssh from the Guacamole host (command line).

When I attempt to connect to the VMWare host via the Guacamole interface,
I'm immediately given the:

"The remote desktop server encountered an error and has closed the
connection.  Please try again or contact your system administrator"

I'm assuming there is a setting or something needed, but I'm not sure what
that setting is.  Can someone please help?

Thanks,

Brad

Thank you,

Brad Turnbough
Senior Technology Analyst 

P: 309.272.2739 F: 309.272.2839 

www.betterbanks.com
www.statestreetbank.com