Steve879
Contributor

Putty & Certificate Authentication.

Can any one help?

Scenario

I have 2 ESX 3.0.2.Upd1 host machines that are managed from a laptop. Using PuttyGen I have created my id_rsa.txt, id_rsa.pub and id_rsa.ppk keys. I have then FTP'd my id_rsa.txt to /$home/.ssh directory and changed the permissions to -rw---- and ownership to owner:owner, and renamed the file authorized_keys. I have then started up Putty in the normal way and configured it to use the id_rsa.ppk previously created.

Problem

I get either "Server Refused Key" or "No Authentication Methods Available".

Other Info

I have accepted the Key request that appears on opening a Putty connection for the first time. But this is not using the keys that I have created and thus doesn't fulfil the security criteria that have been set. The end result must be certificated authentication with all other means disabled. Currently I have bypassed this by amending the sshd_config file.

Is there a file or cache that holds the keys that can be flushed or deleted or amended to clear out any spurious or out of date keys?

6 Replies
Texiwill
Leadership

Hello,

Please give the exact puttygen steps you took.

Also the exact changes you made to sshd_config.

Otherwise we are shooting in the dark here.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education. CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354, As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
Steve879
Contributor

To create my keys I did the following:

1. Open PuttyGen and select Generate, move the cursor around the space to generate the key.

2. Enter a "Key comment" for Reference purposes.

3. Enter a "Key Passphrase" then "Confirm Passphrase".

4. Click on "Save Public Key" and save it as a id_rsa.pub on the desktop.

5. Click on "Save Private Key" and save it as a id_rsa.ppk on the desktop.

6. Highlight, and copy the contents of the key window ("ssh-rsa..." to the end), and paste into Notepad. Save as id_rsa.txt.

The id_rsa.txt is then ftp'd over to the ESX Host into the /$home/.ssh and renamed authorized_keys

As I said previously change ownership and permissions, and as far as I am aware, that should be it.

To use, open Putty, enter IP Address, select SSH/Auth from the Category tree, browse to my id_rsa.ppk file and click Open.

That is as far as I get.

The problem is that this has been working in our test environment, and I am doing nothing different. The systems are identical except for one factor and that is that the test environment was set up and is being managed from the same laptop. However the Dev environment was set up with one laptop, and managed with another having moved the .ppk file across. I thought there may be some tie in between hardware and key so I generated a new set of keys with the new laptop, but it still fails. That is why I enquired if there was some sort of cache of keyfile that gets written to, that could be cleared.

The only change I made to the sshd_config was to enable Password Authentication so that if and when the certificate failed I could still log on. This eventually will need to be disabled once I have sorted out this problem.

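The procedure above (one-line key copied from the PuTTYgen window into ~/.ssh/authorized_keys, then ownership and -rw------- permissions) is exactly what sshd checks before it will accept a key, so the following script, an added example and not code from the thread or from either poster, checks a .ssh directory for the things that produce "Server refused our key": a directory or file writable by group/other (sshd's StrictModes refusal), an authorized_keys in PuTTYgen's multi-line "Save public key" format rather than the single-line form, no usable key line at all, or the same key comment pasted twice. The directory path and the sample paths in the comments are placeholders.

```shell
#!/bin/sh
# Added example (not code from the thread): check a user's .ssh directory for
# the conditions that make sshd refuse a key before authentication starts.
# The directory is a parameter so the checks can run on a constructed test
# tree as well as on a real /home/<user>/.ssh (placeholder path).

# True if the line is in the single-line OpenSSH form authorized_keys needs
# ("ssh-rsa AAAA... comment"). PuTTYgen's "Save public key" button writes the
# multi-line RFC 4716 form instead, which sshd ignores in authorized_keys;
# copying from the key window, as described above, gives the right form.
is_openssh_pubkey_line() {
    case "$1" in
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints "w" for every group/other write bit set on the path, nothing if none.
# ls is used instead of stat because stat's flags differ between GNU and BSD.
group_other_write_bits() {
    ls -ld "$1" | cut -c5-10 | tr -cd 'w'
}

# Report one problem per line for DIR; the return value is the problem count
# (0 = StrictModes would accept the files and a usable key line is present).
check_ssh_dir() {
    dir="$1"; n=0; keys=0; comments=""
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    # sshd with StrictModes (the default) rejects the key when ~/.ssh or
    # authorized_keys is writable by group or other: use drwx------ / -rw-------.
    if [ -n "$(group_other_write_bits "$dir")" ]; then
        echo "$dir is group/other writable"; n=$((n + 1))
    fi
    ak="$dir/authorized_keys"
    if [ ! -f "$ak" ]; then
        echo "missing $ak"; return $((n + 1))
    fi
    if [ -n "$(group_other_write_bits "$ak")" ]; then
        echo "$ak is group/other writable"; n=$((n + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            '---- BEGIN SSH2 PUBLIC KEY ----'*)
                echo "RFC 4716 header in $ak: paste the one-line key from PuTTYgen's window instead"
                n=$((n + 1)); continue ;;
        esac
        if is_openssh_pubkey_line "$line"; then
            keys=$((keys + 1))
            # Third field onward is the key comment (PuTTYgen's "Key comment").
            c=$(printf '%s\n' "$line" | cut -s -d' ' -f3-)
            if [ -n "$c" ]; then comments="${comments}${c}
"; fi
        fi
    done < "$ak"
    if [ "$keys" -eq 0 ]; then
        echo "no OpenSSH-format key line in $ak"; n=$((n + 1))
    fi
    # The same comment twice usually means the key was pasted twice.
    dup=$(printf '%s' "$comments" | sort | uniq -d | head -n 1)
    if [ -n "$dup" ]; then
        echo "duplicate key comment in $ak: $dup"; n=$((n + 1))
    fi
    return "$n"
}

# Usage on a host: check_ssh_dir /home/steve/.ssh   (placeholder path)
```

Run it as the account that PuTTY logs in as, against that account's own .ssh directory; a non-zero return with the printed reasons tells you which of the ownership, mode or key-format conditions to fix, and a zero return means the remaining cause lies elsewhere (wrong user, or root login, which sshd on the host does not permit by default).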
Texiwill
Leadership

Hello,

There is no keyfile cache. Are you trying to get in as root or another user? Root will not work by default.

Look in ~/.ssh/authorized_keys and see if you have two lines with the same comment. Sometimes that is the issue.

Did you add it to the proper user's authorized_keys file?

Simple things, I know but there is no cache mechanism for sshd. You could always do 'service sshd restart' and that will clear anything out that was there.


Best regards,

Edward L. Haletky
Steve879
Contributor

Hi Edward,

I am using a user that has admin privileges, and once logged on su to root. I have looked at the authorized keys file, and there is only one key in it, the one that I created using Putty?

I cannot see any reason why this configuration doesn't work. I have done all the things that you suggest, during my fault diagnosis but cannot come up with a cause.

My intention is to build a stand alone host and try to either re-create the fault or see if re-building the host and starting with a clean sheet will cure the problem.

I will keep you posted as to my success/failure...

Steve879
Contributor

Hi again Edward,

Thanks for your help thus far, just to give a quick update. I haven't been able to reproduce the problem, but I have been able to get everything to work as expected. This leads me to believe my original thought about a user profile issue was the culprit although not proven. I think that the solution to my problem will be to remove the offending profile and recreate it. Then generate a fresh pair of keys, and take it from there.

Many thanks for your advice and assistance, this isn't the first time you've got me out of a hole.

Kind regards

Steve Pickering

Texiwill
Leadership

Hello Steve,

Just another thought, all items pertaining to SSH logins are logged to /var/log/secure and /var/log/messages. Do either of these files have errors pertaining to your login? It could be a permission problem with some aspect of the ssh subsystem. But recreating the profile and keys is a good way to go.


Best regards,

Edward L. Haletky
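Edward's pointer to /var/log/secure and /var/log/messages is the quickest way to tell a permission refusal from a wrong key, and the same log is what to audit before the password fallback Steve enabled in sshd_config is switched off again. The script below is an added example, not code from the thread or from either poster: it sorts sshd lines into the outcomes that matter here (StrictModes ownership/mode refusal, failed and accepted public-key logins, accepted password logins, refused root logins), extracts the path sshd complained about, and runs on a constructed sample log; the host name, PIDs and the 192.0.2.10 address in that sample are made up.

```shell
#!/bin/sh
# Added example (not code from the thread): triage sshd entries from
# /var/log/secure or /var/log/messages into the outcomes that matter when a
# key is refused, and pull out the path sshd complained about. The log lines
# at the bottom are constructed samples in the usual syslog layout.

# Classify one syslog line from sshd. The message texts are OpenSSH's own;
# "strictmodes" is the ownership/permission refusal that sits behind most
# "Server refused our key" errors seen in PuTTY.
classify_sshd_line() {
    case "$1" in
        *sshd\[*'Authentication refused: bad ownership or modes'*) echo strictmodes ;;
        *sshd\[*'Accepted publickey for'*) echo accepted_publickey ;;
        *sshd\[*'Accepted password for'*)  echo accepted_password ;;
        *sshd\[*'Failed publickey for'*)   echo failed_publickey ;;
        *sshd\[*'Failed password for'*)    echo failed_password ;;
        *sshd\[*'ROOT LOGIN REFUSED'*)     echo root_refused ;;
        *sshd\[*)                          echo other_sshd ;;
        *)                                 echo not_sshd ;;
    esac
}

# Path named in a StrictModes refusal, so the right directory or file gets
# its ownership/mode fixed. Returns 1 for any other line.
strictmodes_path() {
    case "$1" in
        *'bad ownership or modes for directory '*)
            echo "${1##*bad ownership or modes for directory }" ;;
        *'bad ownership or modes for file '*)
            echo "${1##*bad ownership or modes for file }" ;;
        *) return 1 ;;
    esac
}

# Count of each outcome in the log file given as $1, one "N outcome" per line.
# A non-zero accepted_password count shows the password fallback is still in
# use and must be looked at before PasswordAuthentication is turned off.
sshd_auth_summary() {
    while IFS= read -r line || [ -n "$line" ]; do
        classify_sshd_line "$line"
    done < "$1" | grep -v '^not_sshd$' | sort | uniq -c | sed 's/^ *//'
}

# Constructed sample of what /var/log/secure looks like on the host; the
# host name, PIDs and 192.0.2.10 (a documentation address) are made up.
sample_secure_log() {
    cat <<'EOF'
Jan 12 10:03:41 esxhost sshd[1234]: Authentication refused: bad ownership or modes for directory /home/steve/.ssh
Jan 12 10:03:44 esxhost sshd[1234]: Failed publickey for steve from 192.0.2.10 port 51234 ssh2
Jan 12 10:03:50 esxhost sshd[1234]: Accepted password for steve from 192.0.2.10 port 51234 ssh2
Jan 12 10:15:02 esxhost sshd[1301]: Accepted publickey for steve from 192.0.2.10 port 51301 ssh2
Jan 12 10:16:10 esxhost sshd[1320]: ROOT LOGIN REFUSED FROM 192.0.2.10
Jan 12 10:16:11 esxhost su(pam_unix)[1325]: session opened for user root by steve(uid=500)
EOF
}

# Demo run on the sample; on a real host use: sshd_auth_summary /var/log/secure
demo_log=$(mktemp)
sample_secure_log > "$demo_log"
sshd_auth_summary "$demo_log"
sample_secure_log | while IFS= read -r line; do
    if p=$(strictmodes_path "$line"); then
        echo "fix ownership/mode of: $p"
    fi
done
rm -f "$demo_log"
```

On the sample this prints one count per outcome and names /home/steve/.ssh as the directory to fix; on the real host, a "strictmodes" line appearing just before each "Failed publickey" is the permission problem Edward describes, while "Failed publickey" with no refusal line means sshd read authorized_keys but the offered key was not in it.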