I Need To Make A Change With My IT Support! Call (225) 706-8414

Enable key-based authentication in ESXi

You need to be able to SSH to an ESXi box without having to enter a username and password (e.g. to run a script unattended).

Solution

You do this by creating an SSH keypair.

  1. Generate a key pair, using ssh-keygen (for *NIX systems) or puttygen.exe ( for Windows).  
    Note
    : if you use puttygen.exe, you will get a public key file resembling

    ---- BEGIN SSH2 PUBLIC KEY ----
    Comment: "rsa-key-YYYYMMdd"
    AAAAB3NzaC1yc2EAAAABJQAAAIEAm/d/kfpNDVksG9avcAufCPB4lMnQBH0cti1w
    w/ivJRcVerTam+fM3RgKu85hU1preXJeCjraE0F552KMOc7vr8aTww1CSBq+cV7B
    2swxRCl+j2BYoV+sDEPoISLUdYBSdMLnful15paEFceqMqkRbByETqX3PGf0hfmQ
    Sly+aNk=
    ---- END SSH2 PUBLIC KEY ----

    You will need to convert that the authorized keys file format like this:

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAm/d/kfpNDVksG9avcAufCPB4lMnQBH0cti1ww/ivJRcVerTam+fM3RgKu85hU1preXJeCjraE0F552KMOc7vr8aTww1CSBq+cV7B2swxRCl+j2BYoV+sDEPoISLUdYBSdMLnful15paEFceqMqkRbByETqX3PGf0hfmQSly+aNk= rsa-key-YYYYMMdd
  2. SSH to the ESXi server like normal and change directory to /etc/ssh/keys-username/ (e.g., to use that key to login as root, /etc/ssh/keys-root/).
  3. Edit the authorized_keys file (create it if necessary) and copy your public key into that file.
  4. Log out
  5. Provide your private key to your SSH client of choice and reconnect.  You should be given a shell without have to enter a password.

Concerned About Cyber Attacks?

CLICK HERE >

Want to Migrate to the Cloud?

CLICK HERE >
Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!