ullbergm
Enthusiast
Enthusiast

Sending SSH commands to ESXi

Has anybody figured out a way to use the SSH plugin to send commands to ESXi hosts without changing the SSH configuration file on the host to allow PasswordAuthentication?

PasswordAuthentication yes

Thanks,

Magnus

Check out my orchestration blog here: http://ullberg.us/orchestrate/
Tags (4)
0 Kudos
6 Replies
igorstoyanov
VMware Employee
VMware Employee

I believe that there is no other way since this is a security setting.

Visit http://blogs.vmware.com/orchestrator for the latest in Cloud Orchestration.
dimitrovg
VMware Employee
VMware Employee

The only other way is to use public/private keys, but you need to add the public key part to the esxi host in the authorized_keys file.

ullbergm
Enthusiast
Enthusiast

Yeah, what I have is a chicken and the egg problem. I can't script pushing out the public key without that setting being on but i can't connect without having my public key on the host... Smiley Sad

I was hoping someone had figured out some clever workaround..

Check out my orchestration blog here: http://ullberg.us/orchestrate/
0 Kudos
ullbergm
Enthusiast
Enthusiast

Looks like i can use plink.exe to run 'sed' on the host to reconfigure SSH to allow password authentication.

Not ideal, but it will work.

Check out my orchestration blog here: http://ullberg.us/orchestrate/
0 Kudos
cdecanini_
VMware Employee
VMware Employee

Have you checked if you can enable password authentication from the vCenter UI ? If you can there is likely an API call that does it.

Christophe.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter
0 Kudos
ullbergm
Enthusiast
Enthusiast

I have not found anything in the VI client, I looked through the advanced settings as well but nothing stood out.

I'm guessing that since it uses the standard /etc/ssh/sshd_config file that it is not something that is managed by the API. Plus, it is probably against the hardening guide as well. Smiley Sad

Check out my orchestration blog here: http://ullberg.us/orchestrate/
0 Kudos