Syneto Knowledge

Open a ticket

How to Restrict SSH Access to a Single IP Address in VMware ESXi

Administrator

Written By Christian Castagna (Administrator)

Updated at October 21st, 2025

→ Applies to: VMware ESXi 6.5.0 and above

 

Step 1. Connect to VMware ESXi CLI (via SSH)

Step 2. Restrict access to a single allowed IP (replace <ip_address_client> with the IP address of the client that can connect to VMware ESXi)

esxcli network firewall ruleset set -r sshServer -e true
esxcli network firewall ruleset allowedip add -r sshServer -i <ip_address_client>

 

Step 3. Block access to other IP addresses

esxcli network firewall ruleset allowedip remove -r sshServer -i ALL

 

Step 4. Check firewall rules

esxcli network firewall ruleset allowedip list -r sshServer

Related Articles

How to Make a Fresh Installation of SynetoOS + VMware ESXi

The installation requires the entire physical host to be rebooted PREREQUISITES ■...

How to Change VMware ESXi IP Address and Netmask

→ Applies to: VMware ESXi 6.5 and above   Step 1.  Login to VMware ESXi GUI (repl...

How to Update VMware Tools

→ Applies to: VMware ESXi 6.5 and above On-line Mode Step 1.  Connect to VMware E...

How to Connect to Vmware ESXi CLI

→ Applies to: VMware ESXi 6.5 and above The connection can be established from an...