How to configure ESXi to use public key Authentication for SSH

This how-to describes how to use a Linux machine with the OpenSSH client to connect (via SSH) to an ESXi host using a DSA key.

First create a key pair:

ssh-keygen -t dsa


ssh-keygen -t dsa -f /userhome/media/DISK_A63AB3C0-8E73/.ssh/id_dsa

Use the second form (with -f) if you want to specify where to save the keys.

Note: do not add a passphrase if you want to use the key in a script.

Then log in to the ESXi host and add your public key (.ssh/ to authorized_keys (copy and paste). Do not use ssh-copy-id; it does not work on ESXi.

vi /etc/ssh/keys-root/authorized_keys

Press i to insert; right-click to paste; :wq to save and quit vi.

Change /etc/ssh/ssh_config on the Linux client if you do not use the default folders:

UserKnownHostsFile /userhome/media/DISK_A63AB3C0-8E73/.ssh/known_hosts
IdentityFile /userhome/media/DISK_A63AB3C0-8E73/.ssh/id_dsa

On the first run, ssh shows you the server’s public DSA key fingerprint so that you can compare it with the fingerprint you took previously and then add it to the known_hosts file. If you also set a passphrase, it will ask for it.

If you do not want to modify the default ssh_config file, you can pass a custom config file on the command line:

ssh -F ssh_config 2001:db8::10

To remove the passphrase, type this:

ssh-keygen -p -f /userhome/media/DISK_A63AB3C0-8E73/.ssh/id_dsa
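
For the copy-and-paste step into authorized_keys above, where a terminal paste can wrap or truncate the long key line, here is a check that flags malformed lines; it is an added example, not part of the original how-to. check_keys and the sample key are constructed for illustration, and the script assumes a Linux client with the coreutils base64, tail and head.

```shell
#!/bin/sh
# Added example: check_keys is a hypothetical helper, not an OpenSSH tool.
# Prints one verdict per line of FILE and returns 1 if any line is malformed.
check_keys() {
    file=$1 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;    # blank lines and comments are allowed
        esac
        # Fields: key type, base64 blob, optional comment. Option prefixes
        # such as from="..." are out of scope for this example.
        set -f; set -- $line; set +f
        ktype=$1 blob=$2
        case $ktype in
            ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
            *) echo "line $n: BAD (no key type, wrapped paste?)"
               bad=1; continue ;;
        esac
        # The blob must decode as base64 ...
        if [ -z "$blob" ] || ! printf '%s' "$blob" | base64 -d >/dev/null 2>&1; then
            echo "line $n: BAD (blob is not valid base64, truncated?)"
            bad=1; continue
        fi
        # ... and begin with a 4-byte length followed by the same type name.
        inner=$(printf '%s' "$blob" | base64 -d | tail -c +5 | head -c "${#ktype}")
        if [ "$inner" != "$ktype" ]; then
            echo "line $n: BAD (blob does not match type $ktype)"
            bad=1; continue
        fi
        echo "line $n: ok ($ktype)"
    done < "$file"
    return "$bad"
}

# Constructed sample (not a usable key): one intact line, then the same key
# split across two lines the way a terminal paste can split it.
sample=$(printf '\000\000\000\007ssh-dss\000\000\000\001x' | base64)
demo=$(mktemp)
printf 'ssh-dss %s root@client\nssh-dss %s\n%s root@client\n' \
    "$sample" "${sample%????????}" "${sample#????????????????}" > "$demo"
check_keys "$demo" || echo "authorized_keys needs fixing"
rm -f "$demo"
```

Point check_keys at the .pub file before pasting, or at a copy of the ESXi authorized_keys file afterwards. A key cut at a clean base64 boundary can still pass its own line, so the stray continuation line is what gives the split away.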
