VMware Cloud Community
deanflyer
Enthusiast

ESXi - SSH Login RSA Key Problems

Has anyone come up with a method to reliably log in to ESXi using SSH keys? I'm trying to lock down the security on my ESXi box.

I have tried using dropbear within ESXi as well as puttygen to generate the private/public key pair, but to no avail.

I can log in fine using SSH, but as soon as I try to authenticate using the private key I get a "server refused our key" error message.

1. Generate private/public keypair (tried using dropbear and puttygen)

2. Copy public key to /.ssh/authorized_keys in ESXi root directory and set appropriate permissions (chmod 600)

3. Use PuTTY to access ESXi using the private key for authorisation.

Have looked in /var/log/messages, nothing listed there. Another post I saw referred to /var/log/secure but I don't have this log file on my ESXi server.

Any help would be much appreciated.

Dean

6 Replies
FluxNooB
Contributor

I'm having the exact same issues. I confess I'm a complete newbie to the Linux environment and SSH. I've been trawling the net looking for solutions but as yet have not got very far. I can log in via SSH with root username and password but not using shared keys. Any help would be greatly appreciated.

0 Kudos
iwienand
Enthusiast

I'm trying to lock down the security on my ESXi box

You realise that ssh is a development convenience, and as such doesn't receive any of the QA or security analysis that the supported mechanisms receive? So really by having it enabled you have created an attack vector.

That said, it should "just work". Are you sure you didn't put line-breaks in the line? I've only ever done it with keys generated by openssh, so you might like to try that too. Does the same key let you log into another system?

0 Kudos
inforhunter
Enthusiast

I had the same issue, but finally resolved it. Here are the steps:

1. Generate private/public key via puttygen.

2. Store the private key locally.

3. Copy the public key displayed in the puttygen form. (Attention: Do not save the public key as a Windows file and then copy the key text from the file to ESXi, because the key will break into several lines.)

4. Paste the key into ESXi's /etc/ssh/key-<username>/authorized_keys

5. Restart sshd: /etc/init.d/SSH restart

6. Log in via PuTTY with the private key.

ruby12
Contributor

Hi

Welcome to the communities.

Could you please change chmod from 600 to 777 and test it.

Using the above steps we need to confirm whether there is a security or permission problem.

There is no limit to courage.
0 Kudos
Norbs
Contributor

Thank you, this was extremely helpful. Been taking a Linux class and ssh cert authentication was the subject today. My first idea was "ooh this would be awesome on my ESXi server".

inforhunter wrote:

I had the same issue, but finally resolved it. Here are the steps:

1. Generate private/public key via puttygen.

2. Store the private key locally.

3. Copy the public key displayed in the puttygen form. (Attention: Do not save the public key as a Windows file and then copy the key text from the file to ESXi, because the key will break into several lines.)

4. Paste the key into ESXi's /etc/ssh/key-<username>/authorized_keys

5. Restart sshd: /etc/init.d/SSH restart

6. Log in via PuTTY with the private key.

0 Kudos
uvdevnull
Enthusiast

If you still get "server refused our key" after doing what inforhunter proposed, I had to do the following in my ESXi 7.0 installation to make this work. Apparently there is a format mismatch between what Puttygen generates and what OpenSSH expects so it has to be adjusted as described here:

https://www.walkernews.net/2009/03/22/how-to-fix-server-refused-our-key-error-that-caused-by-putty-g...

0 Kudos
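
As an added example (not code from any poster in this thread), this Python sketch converts the multi-line file that PuTTYgen's "Save public key" writes into the single line that authorized_keys expects, and flags entries that were wrapped or pasted in the wrong format. The function names and the sample key are constructed for illustration, and the checker assumes entries without leading options.

```python
import base64
import struct

def key_type(blob: bytes) -> str:
    """Walk the length-prefixed fields of an SSH key blob; return the algorithm name."""
    fields, pos = [], 0
    while pos < len(blob):
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields[0].decode("ascii")

def rfc4716_to_openssh(text: str) -> str:
    """Turn a PuTTYgen 'Save public key' file into one authorized_keys line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 3 or not lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        raise ValueError("not an SSH2 (RFC 4716) public key file")
    comment, b64, in_header = "", [], False
    for line in lines[1:-1]:
        if in_header or ":" in line:  # header line, or continuation of one
            if not in_header and line.lower().startswith("comment:"):
                comment = line.split(":", 1)[1].strip().rstrip("\\").strip('"')
            in_header = line.endswith("\\")
        else:
            b64.append(line)
    data = "".join(b64)
    return f"{key_type(base64.b64decode(data, validate=True))} {data} {comment}".strip()

def check_authorized_keys(text: str) -> list:
    """Return (line number, problem) for each entry that is not one whole key."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            if key_type(base64.b64decode(fields[1], validate=True)) != fields[0]:
                raise ValueError("key type does not match blob")
        except (IndexError, ValueError, struct.error):
            problems.append((no, "not a complete one-line key"))
    return problems

# Constructed sample: structurally valid ssh-rsa blob with a dummy modulus, not a real key.
_PARTS = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(128, 256)))
SAMPLE_B64 = base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in _PARTS)).decode()
_CHUNKS = [SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64)]
SAMPLE_PUTTY_FILE = "\r\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "rsa-key-constructed"',
                                 *_CHUNKS, "---- END SSH2 PUBLIC KEY ----"])
```

Running check_authorized_keys over the text of an existing authorized_keys file reports the line numbers that need to be rejoined or converted.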