VMware Cloud Community
vnuser
Contributor
Contributor
Jump to solution

passwordless SSH from ESXi to Linux

Anyone know how to successfully do SSH from ESXi to Linux?  The following link outlines steps to get SSH working from Putty or an external OS to ESXi.  I tried to reverse the steps somewhat to make it work the other way around, but it doesn't seem to work.

http://communities.vmware.com/docs/DOC-8890

Thanks.

Reply
0 Kudos
1 Solution

Accepted Solutions
mcowger
Immortal
Immortal
Jump to solution

Looking into this, its a little funny.  Dropbear has the ability to create a valid keypair, but theres no actual ssh binary in ESXi.  However, you can make it happen.

1) "Create" an ssh symlink to dropbear: ln -s /sbin/dropbearmulti /bin/ssh

2) Create a keypair: dropbearkey -t dss -f privatekeyfile -s 1024. You'll end up with a file in the current directory called 'privatekeyfile' and the system will output a public key in SSH format on the screen:

~ # dropbearkey -t dss -f private -s 1024
Will output 1024 bit dss secret key to 'private'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc+SQlLmhtP...hostname.domain
Copy all the lines of this starting from "ssh-dss" through to the end of "hostname.domain" to your clipboard.
3) Add this copied public key to your Linux host in the right location - usually ~/.ssh/authorized_keys:
linuxhost% cat .ssh/authorized_keys                                 
ssh-dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x....
4) Now use the private key to make sure that it works from ESXi:
~ # ssh -i privatekeyfile username@domain.lan
Last login: Tue Apr 12 15:01:15 2011 from domain.lan
[user@host] (Linux 2.6.18-194.26.1.el5)
%                                                                                                            

Life is good!

--Matt VCDX #52 blog.cowger.us

View solution in original post

Reply
0 Kudos
5 Replies
mcowger
Immortal
Immortal
Jump to solution

At the ESXi command prompt, just type 'ssh username@hostname' and you shoudl be fine.

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
vnuser
Contributor
Contributor
Jump to solution

Sorry, I should review my post first..before posting:)

I meant to ask how to do "passwordless" SSH from ESXi to Linux.  The article identifies how to convert the private key from dropbear format to openssh.  Do I need to do any conversion with the public key?

Reply
0 Kudos
mcowger
Immortal
Immortal
Jump to solution

Ahh, yeah, thats a little different.

let me test on my lab and see what I comeup with.

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
mcowger
Immortal
Immortal
Jump to solution

Looking into this, its a little funny.  Dropbear has the ability to create a valid keypair, but theres no actual ssh binary in ESXi.  However, you can make it happen.

1) "Create" an ssh symlink to dropbear: ln -s /sbin/dropbearmulti /bin/ssh

2) Create a keypair: dropbearkey -t dss -f privatekeyfile -s 1024. You'll end up with a file in the current directory called 'privatekeyfile' and the system will output a public key in SSH format on the screen:

~ # dropbearkey -t dss -f private -s 1024
Will output 1024 bit dss secret key to 'private'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc+SQlLmhtP...hostname.domain
Copy all the lines of this starting from "ssh-dss" through to the end of "hostname.domain" to your clipboard.
3) Add this copied public key to your Linux host in the right location - usually ~/.ssh/authorized_keys:
linuxhost% cat .ssh/authorized_keys                                 
ssh-dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x....
4) Now use the private key to make sure that it works from ESXi:
~ # ssh -i privatekeyfile username@domain.lan
Last login: Tue Apr 12 15:01:15 2011 from domain.lan
[user@host] (Linux 2.6.18-194.26.1.el5)
%                                                                                                            

Life is good!

--Matt VCDX #52 blog.cowger.us
Reply
0 Kudos
vnuser
Contributor
Contributor
Jump to solution

Thanks, that works!

Reply
0 Kudos