Allowing SSH access to ESX hosts with public/private key authentication (1002866)
- Generate public/private keys. For detailed instructions, see http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen. These instructions generate 2 files in ~/.ssh: id_rsa and id_rsa.pub.
Note: The preceding link was valid as of March 20, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.
In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
- On the remote host, store id_rsa.pub (the public key content) in ~/.ssh/authorized_keys.
For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
Note: More than 1 key can be stored in this file.
- To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
- To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.
- Reload the service with the command:
service sshd reload