Allowing SSH access to ESXi/ESX hosts with public/private key authentication

Article ID: 313767

Products

VMware vSphere ESXi

Issue/Introduction

This article provides steps to allow SSH access to ESXi/ESX hosts with public/private key authentication rather than with username/password authentication.


Environment

VMware vSphere ESXi 6.7
VMware vSphere ESXi 6.5
VMware vSphere ESXi 5.5
VMware vSphere ESXi 6.0

Resolution

Note: ESXi 7.0 does not support preserving SSH-Keys for non-root users.

To allow SSH access to ESXi or ESX hosts with public/private key authentication:

  1. Generate public/private keys on ESXi. For more information, see the OpenBSD Reference Manual section in the OpenBSD.

    Note: The preceding link was valid as of June 22, 2016. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.

    Notes:
    • These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
    • Starting from ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
       
  2. On the ESXi host, store the content of the public key file, id_rsa.pub, in ~/.ssh/authorized_keys (for example, cat id_rsa.pub >> authorized_keys).

    Notes:
    • For ESXi 5.x, 6.0, 6.5, 6.7 and 7.0, the authorized_keys file is located at: /etc/ssh/keys-<username>/authorized_keys
    • More than one key can be stored in this file.
       
  3. To allow root access, change PermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
  4. To disable password login, ensure that ChallengeResponseAuthentication and PasswordAuthentication are both set to no.
  5. Reload the service:
    • For ESXi, run the command:
      # /etc/init.d/SSH restart
    • For ESX, run the command:
      # service sshd reload
  6. Copy id_rsa to the local desktop, and use it as the private key to SSH to the ESXi host.
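
The check below is an added example, not part of the VMware article: it audits a copy of sshd_config for the settings in steps 3 and 4, relying on the fact that sshd applies the first value it reads for each keyword. The function names are hypothetical, and it assumes whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example: audit an sshd_config copy for the settings in steps 3 and 4.
# sshd applies the FIRST value it reads for a keyword (case-insensitive), so a
# later "PasswordAuthentication no" does not undo an earlier "yes".
# Assumes whitespace-separated "Keyword value" lines.

# Print the global (pre-Match) value of keyword $2 in file $1, lower-cased.
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blanks
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Count lines inside Match blocks that set keyword $2 to anything but "no".
match_overrides() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); n = 0 }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == want && tolower($2) != "no" { n++ }
        END { print n }
    ' "$1"
}

# Return 0 only if both password-based methods are explicitly "no" globally
# and no Match block turns them back on. Unset keywords count as failures.
audit_key_only() {
    rc=0
    for kw in PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(sshd_effective "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw is '${val:-unset}', expected 'no'"; rc=1
        fi
        if [ "$(match_overrides "$1" "$kw")" -gt 0 ]; then
            echo "FAIL: $kw is re-enabled inside a Match block"; rc=1
        fi
    done
    echo "INFO: PermitRootLogin is '$(sshd_effective "$1" PermitRootLogin)'"
    return $rc
}

# Usage: audit_key_only /etc/ssh/sshd_config
```

Run it before restarting the SSH service in step 5, so that a configuration which still accepts passwords is caught while the existing session is open.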

Additional Information

For more information on SSH, see the Uploading an SSH Key to Your ESXi Host section in the VMware vSphere 5.5 Documentation Center.

