Note: VMware vSphere ESXi 7.0 does not support preserving SSH-Keys for non-root users.

To allow SSH access to ESXi or ESX hosts with public/private key authentication:

1. Generate public/private keys on ESXi. For more information, see the OpenBSD Reference Manual section in the OpenBSD.
   
   Note: The preceding link was valid as of December 12th, 2024. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.
   
   Notes:
   • These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
   • Starting from ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
      
2. On the ESXi host, store the public key content, id_rsa.pub in ~/.ssh/authorized_keys. (e.g. cat id_rsa.pub >> authorized_keys)
   
   Notes:
   • For ESXi 5.x, 6.0, 6.5, 6.7 and 7.0, the authorized_keys is located at: /etc/ssh/keys-<username>/authorized_keys
   • More than one key can be stored in this file.
      
3. To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
4. To disable password login, ensure that the ChallengeResponseAuthentication and PasswordAuthentication are set to no.
5. Reload the service:
   • For ESXi, run the command:

     # /etc/init.d/SSH restart

   • For ESX, run the command:

     # service sshd reload

      6.  Copy id_rsa to local desktop, and use it as the private key to SSH ESXi host

For more information on SSH, see Uploading an SSH Key in VMware documentation.

For translated versions of this article, see:

• 中文： 允许使用公钥/私钥身份验证对 ESXi/ESX 主机进行 SSH 访问