VMware Cloud Community
JaySMX
Hot Shot

ESXi 5 ssh-keygen missing. How to generate keys for ssh?

I have a setup where I am trying to script a file copy with scp of a .tgz backup of a VM to a remote server. I don't want the remote box to prompt for a password, so I want to generate a key pair and copy the .pub key to the remote host. However, all the walkthroughs I can find use the ssh-keygen utility, which is not available in ESXi 5.

Is there another method I can use to generate a key pair I can use for this?

-Justin
0 Kudos
1 Solution

Accepted Solutions
nielse
Expert

Hello,

The command is available but hidden in another path:

./usr/lib/vmware/openssh/bin/ssh-keygen

This will work with any guide you want to use :)

@nielsengelen - http://foonet.be - VCP4/5


0 Kudos
15 Replies
JaySMX
Hot Shot

That's some very useful info.  Thanks!

-Justin
0 Kudos
JaySMX
Hot Shot

Part 2 of this question... how can I automate this so that the keys survive a reboot of ESXi? I assume I'll have to place the key files on a vmfs volume and do something with rc.local to copy them to the correct locations. Is there a walkthrough on this anywhere?

Thanks!

-Justin
0 Kudos
Bhoobhu1
Contributor

Thanks for your information. :) I really got much information in this discussion. Thanks to all.

AWo,

I did the following steps to take ssh, but it is still asking me for a password. Please review my procedure below. Please correct me if I did anything wrong.

1. /usr/lib/vmware/openssh/bin/ssh-keygen -r rsa

2. New RSA pub key stored in the /.ssh/id_rsa.pub location

3. Copied pub file from ESXi to RHEL /.ssh/authorization_keys file.

4. Chmod 770 /.ssh/ folders

5. Restarted the SSH daemon

6. Take SSH Root@Ip

Still asking for the password. Please guide me here.

Thanks

Bhoobhu

0 Kudos
AWo
Immortal

Wrong thread, isn't it? That is not yours.....

You need to copy the private key to your ssh client. Then copy the public key into the "authorized_keys" file on the ESXi host under the key directory of the user you use to connect:

cp /.ssh/id_rsa.pub /etc/ssh/keys-root/authorized_keys

Then use "ssh -i <private key file> -l root <hostname>" to connect

The private key is used on the client, not the public key!!! Imagine the public key (which is public as the name states) would be used to connect to the host. That would mean everybody can connect to the host. Therefore you need to keep the private key secret as this allows you to connect without any password.

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
Bhoobhu1
Contributor

Can you please elaborate...

In ESXi,

cp /.ssh/id_rsa.pub /etc/ssh/keys-root/authorized_keys

I have to run the commands, is it correct?

In RHEL,

I have to run the command, ssh -i <private key file> -l root <hostname>

Is this correct? If yes, shall I copy the id_dsa (private key file) from ESXi to RHEL?

0 Kudos
AWo
Immortal

You just repeated what I wrote.... :)

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
maishsk
Expert

🙂

And here is a walkthrough that Kyle Gleed posted

Maish

VMTN Moderator | vExpert

Author of VMware vSphere Design

@maishsk | My Blog

Maish Saidel-Keesing • @maishsk • http://technodrone.blogspot.com • VMTN Moderator • vExpert • Co-author of VMware vSphere Design
0 Kudos
AWo
Immortal

Maish wrote:

:)

And here is a walkthrough that Kyle Gleed posted

Can you also provide a drive-in? I'm too lazy to walk today as it is too hot.... ;)

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
Bhoobhu1
Contributor

Hi AWo,

Again it is asking for a passphrase :| ... to allow login.

Without passphrase

0 Kudos
AWo
Immortal

You created the key-pair without a password by just hitting enter when keygen asked for a passphrase?

Post the content of your ESXi /etc/ssh/sshd_config.

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
Bhoobhu1
Contributor

My /etc/ssh/sshd_config Content

# running from inetd
# Port 2200
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

UsePrivilegeSeparation no

SyslogFacility auth
LogLevel info
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes

PrintMotd yes
PrintLastLog no

TCPKeepAlive yes

X11Forwarding no

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc

MACs hmac-sha1,hmac-sha1-96

UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication no

Banner /etc/issue

Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server

AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys

# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a  3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveInterval 200

0 Kudos
AWo
Immortal

Looks fine....

So,

1. "ssh-keygen -t rsa" without entering a password.

2. Copy /.ssh/id_rsa to remote host

3. Copy /.ssh/id_rsa.pub to /etc/ssh/keys-root/authorized_keys

4. On remote host use ssh -i id_rsa -l root <hostname>

And you are still prompted for a password? Have you checked if the content of authorized_keys and id_rsa.pub is the same?

AWo

vExpert 2009/10/11 [:o]===[o:] [: ]o=o[ :] = Save forests! rent firewood! =
0 Kudos
Bhoobhu1
Contributor

Thanks a lot AWo... I am able to take ssh without entering the password now.

Thank you so much

0 Kudos
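
The check AWo asks for above (is the key from id_rsa.pub really in the authorized_keys file that sshd reads?), as an added example that is not part of the original thread. It resolves AuthorizedKeysFile from an sshd_config like the one posted, compares key type and blob, and flags group- or world-writable modes such as the chmod 770 in the earlier post, which sshd's StrictModes (on by default) rejects. The function names and verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and verdicts are hypothetical.

# Resolve AuthorizedKeysFile from sshd_config $1 for user $2 (only %u is expanded).
resolve_authorized_keys() {
    ak_path=$(awk 'tolower($1) == "authorizedkeysfile" { print $2; exit }' "$1")
    [ -n "$ak_path" ] || ak_path=".ssh/authorized_keys"  # OpenSSH default, relative to home
    printf '%s\n' "$ak_path" | sed "s/%u/$2/g"
}

# True if the key in public-key file $1 appears in authorized_keys file $2.
# Only key type and base64 blob are compared; options and comments may differ.
key_installed() {
    read -r k_type k_blob k_rest < "$1" || true
    [ -n "$k_blob" ] || return 1
    awk -v t="$k_type" -v b="$k_blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$2"
}

# True if $1 is group- or world-writable, which sshd's StrictModes refuses.
loose_perms() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print one verdict for sshd_config $1, user $2 and public key file $3.
check_pubkey_login() {
    ak_file=$(resolve_authorized_keys "$1" "$2")
    if [ ! -f "$ak_file" ]; then
        echo "no-authorized-keys-file"
    elif ! key_installed "$3" "$ak_file"; then
        echo "key-not-installed"
    elif loose_perms "$ak_file" || loose_perms "$(dirname "$ak_file")"; then
        echo "loose-permissions"
    else
        echo "ok"
    fi
}
```

On the server side it would be called as `check_pubkey_login /etc/ssh/sshd_config root /.ssh/id_rsa.pub`; any verdict other than `ok` points at the step to redo.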