Allowing SSH access to ESX hosts with public/private key authentication

Allowing SSH access to ESX hosts with public/private key authentication (1002866)

Details

This article provides steps to allow SSH access to ESX/ESXi hosts with public/private key authentication rather than with username/password authentication.

Solution

To allow SSH access to ESX hosts with public/private key authentication:

  1. Generate public/private keys. For detailed instructions, see http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen. These instructions generate 2 files in ~/.ssh: id_rsa and id_rsa.pub.

    Note: The preceding link was valid as of March 20, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.

    In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.

  2. On the remote host, store id_rsa.pub (the public key content) in ~/.ssh/authorized_keys.
    For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys

    Note: More than 1 key can be stored in this file.

  3. To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
  4. To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.
  5. Reload the service with the command:

    service sshd reload
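The settings from steps 3 to 5 can be checked before reloading the service. The script below is an added example, not part of the original VMware article; the function names `sshd_effective`, `check_key_only` and `write_sample` are hypothetical, and it assumes `awk` is available in the host's shell. It reports the value sshd would actually use, since sshd takes the first occurrence of a keyword and falls back to its default when the keyword is absent.

```shell
#!/bin/sh
# Added example: audit sshd_config for the key-only settings in steps 3-5.
# sshd honours the FIRST occurrence of a keyword; keywords are case-insensitive.

# Print the effective global value of keyword $1 in file $2, else default $3.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/^[ \t]+/, "") }              # strip leading blanks
        /^#/ || /^$/ { next }               # skip comments and empty lines
        { sub(/[ \t]*=[ \t]*/, " ") }       # accept the "Keyword=value" form
        tolower($1) == "match" { exit }     # Match blocks are not global
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Return 0 only if password and challenge-response logins are both "no".
# An absent keyword falls back to the OpenSSH default, "yes" for both.
check_key_only() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(sshd_effective "$kw" "$1" yes)
        if [ "$val" = "no" ]; then
            echo "ok:   $kw no"
        else
            echo "FAIL: $kw is effectively '$val'"
            rc=1
        fi
    done
    echo "info: PermitRootLogin is '$(sshd_effective PermitRootLogin "$1" unset)'"
    return $rc
}

# Constructed sample: the trailing "no" is shadowed by the earlier "yes".
write_sample() {
    cat > "$1" <<'EOF'
# PasswordAuthentication no
PermitRootLogin yes
passwordauthentication yes
ChallengeResponseAuthentication=no
PasswordAuthentication no
EOF
}

tmp=${TMPDIR:-/tmp}/sshd_config.sample.$$
write_sample "$tmp"
check_key_only "$tmp" || true    # reports FAIL for PasswordAuthentication
rm -f "$tmp"
```

To audit a live host, call `check_key_only /etc/ssh/sshd_config` and keep an existing session open until a key-based login has been confirmed.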

 
