VMware vSphere ESXi 8.0
VMware vSphere ESXi 7.0
Note: VMware vSphere ESXi does not support preserving SSH-Keys for Active Directory users.
To allow SSH access to ESXi or ESX hosts with public/private key authentication:
/usr/lib/vmware/openssh/bin/ssh-keygent -rsa -b 4096
For more information, see the OpenBSD Reference Manual section in the OpenBSD
The above command will generate two files, private and a public key in the specified location. Example:
Private Key: key_file_name
Public Key: key_file_name.pub
cat key_file_name.pub >> authorized_keys)yes in /etc/ssh/sshd_config. /etc/ssh/sshd_config.
In ESXi version 8.0.1 and later, the PasswordAuthentication option is no longer configurable. To achieve equivalent functionality, set the ChallengeResponseAuthentication parameters to yes
esxcli system ssh server config set -k challengeresponseauthentication -v yes
Note: No need to restart the SSH service for the above esxcli command.
etc/init.d/SSH restartTo login from a linux machine(could be ESXi or vCenter appliance):
chmod 600 <private_key_file>ssh -i <private_key_file> -l root <esxi_hostname>
For more information on SSH, see SSH Security in ESXi
Configurable properties of SSH Server on ESXi 8.0.2 or later