Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication
Article ID: 313767
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
This article provides steps to allow SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication rather than with username/password authentication.
Environment
VMware vSphere ESXi 8.0
VMware vSphere ESXi 7.0
Resolution
Note: VMware vSphere ESXi does not support preserving SSH-Keys for Active Directory users.
To allow SSH access to ESXi or ESX hosts with public/private key authentication:
Generate public/private keys on ESXi by running the below command:
For more information, see the OpenBSD Reference Manual section in the OpenBSD
The above command generates two files, a private key and a public key, in the specified location. Example:
Private Key: key_file_name
Public Key: key_file_name.pub
On the ESXi host, store the public key content in /etc/ssh/keys-root/authorized_keys.
(e.g. cat key_file_name.pub >> authorized_keys)
Notes:
The above step will store the public key for the root user.
More than one key can be stored in this file.
Ensure the PermitRootLogin parameter is set to yes in /etc/ssh/sshd_config.
Note: (optional) To disable password logins via SSH to the ESXi host, change ChallengeResponseAuthentication and PasswordAuthentication to no in /etc/ssh/sshd_config.
Reload the SSH service:
For ESXi, run the command:
/etc/init.d/SSH restart
To log in from a Linux machine (could be an ESXi host or vCenter appliance):
Copy the private key to the Linux machine.
Browse to the path where the private key resides.
Change the permission on the private key file using the command: chmod 600 <private_key_file>
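A check for the sshd_config and private-key permission steps above, as an added example that is not part of the original article or VMware's tooling. The function names and sample configs are constructed for illustration, and the script reads only the global section of the file (lines before any Match block).

```shell
#!/bin/sh
# Added example (not VMware code): audit the settings this article changes.

# Print the effective global value of an sshd_config keyword, lower-cased.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after the first "Match" are conditional.
# Assumes "Keyword value" lines separated by whitespace.
sshd_value() {  # usage: sshd_value <keyword> <config_file>
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Return 0 only if root login is allowed and both password settings are "no".
audit_key_only() {  # usage: audit_key_only <config_file>
    rc=0
    v=$(sshd_value PermitRootLogin "$1")
    [ "$v" = "yes" ] || { echo "PermitRootLogin is $v (article expects yes)"; rc=1; }
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        v=$(sshd_value "$kw" "$1")
        [ "$v" = "no" ] || { echo "$kw is $v (not explicitly set to no)"; rc=1; }
    done
    return "$rc"
}

# Return 0 if the private key file is mode 600 (owner read/write only).
key_mode_ok() {  # usage: key_mode_ok <private_key_file>
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample configs, written to a temp dir so the script runs anywhere.
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed: the later "no" is ignored, first value wins' \
    'PermitRootLogin yes' 'passwordauthentication yes' 'PasswordAuthentication no' \
    'Match Address 192.0.2.0/24' 'ChallengeResponseAuthentication no' > "$demo_dir/weak"
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication no' \
    'ChallengeResponseAuthentication no' > "$demo_dir/hardened"

for f in weak hardened; do
    if audit_key_only "$demo_dir/$f"; then echo "$f: key-only login enforced"
    else echo "$f: FAIL"; fi
done
```

On a host, point audit_key_only at a copy of /etc/ssh/sshd_config and key_mode_ok at the private key file on the client.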