Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Allowing SSH access to ESXi/ESX hosts with public/private key authentication (1002866)

Details

This article provides steps to allow SSH access to ESXi/ESX hosts with public/private key authentication rather than with username/password authentication.

Solution

To allow SSH access to ESXi/ESX hosts with public/private key authentication:

  1. Generate public/private keys. For detailed instructions, see the OpenBSD Reference Manual from OpenBSD.

    Notes
    • These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
    • In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
    • The preceding link was valid as of November 26, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.

  2. On the remote host, store the public key content, id_rsa.pub in ~/.ssh/authorized_keys.

    Notes
    • For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
    • More than one key can be stored in this file.

  3. To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
  4. To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.
  5. Reload the service:

    • For ESXi, run the command:

      /etc/init.d/SSH restart

    • For ESX, run the command:

      service sshd reload
 
For alternative solutions and more information on SSH, see Uploading an SSH Key to Your ESXi Host from the VMware vSphere 5.5 documentation Center.

Update History

09/05/2012 - Added location of authorized_keys for ESXi5.0 03/20/2013 - Added location path for ssh-keygen command in 5.x 07/11/2013 - Added ESXi command to reload the service

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 11 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 11 Ratings
Actions
KB: