Knowledge Base

To allow SSH access to ESX hosts with public/private key authentication:

1. Generate public/private keys. For detailed instructions, see http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen. These instructions generate 2 files in ~/.ssh: id_rsa and id_rsa.pub.
   
   Note: The preceding link was valid as of March 20, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.
   
   In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
   
   
2. On the remote host, store id_rsa.pub (the public key content) in ~/.ssh/authorized_keys.
   For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
   
   Note: More than 1 key can be stored in this file.
   
   
3. To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
   
4. To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.
   
5. Reload the service with the command:
   
   service sshd reload