Allowing SSH access to ESX hosts with public/private key authentication (1002866)
This article provides steps to allow SSH access to ESX/ESXi hosts with public/private key authentication rather than with username/password authentication.
To allow SSH access to ESX hosts with public/private key authentication:
- Generate public/private keys. For detailed instructions, see http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen. These instructions generate 2 files in ~/.ssh: id_rsa and id_rsa.pub.
Note: The preceding link was valid as of March 20, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.
In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
- On the remote host, store id_rsa.pub (the public key content) in ~/.ssh/authorized_keys.
For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
Note: More than 1 key can be stored in this file.
- To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
- To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are set to no.
- Reload the service with the command:
service sshd reload
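A check for the password-login step above, as an added example (not part of the VMware article or VMware code). It assumes OpenSSH parsing rules: the first occurrence of a keyword wins, keywords are case-insensitive, and both password options default to yes when absent. The function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VMware's code. Assumes plain "Keyword value" lines.
# sshd uses the FIRST occurrence of a keyword, matches keywords
# case-insensitively, and falls back to a built-in default when a keyword
# is absent (OpenSSH default for both password options: yes).

# effective_value FILE KEYWORD DEFAULT: print the value sshd would apply globally
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/              { next }   # commented-out directive has no effect
        tolower($1) == "match"  { exit }   # global section ends at first Match block
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_login_disabled FILE: succeed only if both options are effectively "no"
password_login_disabled() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(effective_value "$1" ChallengeResponseAuthentication yes)" = "no" ]
}

# Constructed sample configs (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/incomplete" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
#ChallengeResponseAuthentication no
EOF
cat > "$SAMPLE_DIR/shadowed" <<'EOF'
PasswordAuthentication yes
ChallengeResponseAuthentication no
passwordauthentication no
EOF
cat > "$SAMPLE_DIR/key_only" <<'EOF'
PermitRootLogin yes
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF

for f in incomplete shadowed key_only; do
    if password_login_disabled "$SAMPLE_DIR/$f"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login still possible"
    fi
done
```

Only the key_only sample passes: a commented-out directive leaves the default in force, and a later "no" does not override an earlier "yes".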