Contributor
Contributor

passwordless SSH from ESXi to Linux

Jump to solution

Anyone know how to successfully do SSH from ESXi to Linux?  The following link outlines steps to get SSH working from Putty or an external OS to ESXi.  I tried to reverse the steps somewhat to make it work the other way around, but it doesn't seem to work.

http://communities.vmware.com/docs/DOC-8890

Thanks.

0 Kudos
1 Solution

Accepted Solutions
Immortal
Immortal

Looking into this, its a little funny.  Dropbear has the ability to create a valid keypair, but theres no actual ssh binary in ESXi.  However, you can make it happen.

1) "Create" an ssh symlink to dropbear: ln -s /sbin/dropbearmulti /bin/ssh

2) Create a keypair: dropbearkey -t dss -f privatekeyfile -s 1024. You'll end up with a file in the current directory called 'privatekeyfile' and the system will output a public key in SSH format on the screen:

~ # dropbearkey -t dss -f private -s 1024
Will output 1024 bit dss secret key to 'private'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc+SQlLmhtP...hostname.domain
Copy all the lines of this starting from "ssh-dss" through to the end of "hostname.domain" to your clipboard.
3) Add this copied public key to your Linux host in the right location - usually ~/.ssh/authorized_keys:
linuxhost% cat .ssh/authorized_keys                                 
ssh-dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x....
4) Now use the private key to make sure that it works from ESXi:
~ # ssh -i privatekeyfile username@domain.lan
Last login: Tue Apr 12 15:01:15 2011 from domain.lan
[user@host] (Linux 2.6.18-194.26.1.el5)
%                                                                                                            

Life is good!

--Matt VCDX #52 blog.cowger.us

View solution in original post

0 Kudos
5 Replies
Immortal
Immortal

At the ESXi command prompt, just type 'ssh username@hostname' and you shoudl be fine.

--Matt VCDX #52 blog.cowger.us
0 Kudos
Contributor
Contributor

Sorry, I should review my post first..before posting:)

I meant to ask how to do "passwordless" SSH from ESXi to Linux.  The article identifies how to convert the private key from dropbear format to openssh.  Do I need to do any conversion with the public key?

0 Kudos
Immortal
Immortal

Ahh, yeah, thats a little different.

let me test on my lab and see what I comeup with.

--Matt VCDX #52 blog.cowger.us
0 Kudos
Immortal
Immortal

Looking into this, its a little funny.  Dropbear has the ability to create a valid keypair, but theres no actual ssh binary in ESXi.  However, you can make it happen.

1) "Create" an ssh symlink to dropbear: ln -s /sbin/dropbearmulti /bin/ssh

2) Create a keypair: dropbearkey -t dss -f privatekeyfile -s 1024. You'll end up with a file in the current directory called 'privatekeyfile' and the system will output a public key in SSH format on the screen:

~ # dropbearkey -t dss -f private -s 1024
Will output 1024 bit dss secret key to 'private'
Generating key, this may take a while...
Public key portion is:
ssh-dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc+SQlLmhtP...hostname.domain
Copy all the lines of this starting from "ssh-dss" through to the end of "hostname.domain" to your clipboard.
3) Add this copied public key to your Linux host in the right location - usually ~/.ssh/authorized_keys:
linuxhost% cat .ssh/authorized_keys                                 
ssh-dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x....
4) Now use the private key to make sure that it works from ESXi:
~ # ssh -i privatekeyfile username@domain.lan
Last login: Tue Apr 12 15:01:15 2011 from domain.lan
[user@host] (Linux 2.6.18-194.26.1.el5)
%                                                                                                            

Life is good!

--Matt VCDX #52 blog.cowger.us

View solution in original post

0 Kudos
Contributor
Contributor

Thanks, that works!

0 Kudos