5 Replies Latest reply on Mar 20, 2014 7:08 PM by Norbs

    ESXi - SSH Login RSA Key Problems

    deanflyer Novice

       

      Has anyone come up with a method to reliably login to ESXi using SSH keys? Im trying to lock down the security on my ESXi box.

       

       

      I have tried using dropbear within ESXi as well as puttygen to generate the private/public key pair, but to no avail.

       

       

      I can log in fine using SSH, but as soon as I try to authenticate using the private key I get "server refused our key" error message.

       

       

      1. Generate private/public keypair (tried using drobear and puttygen)

       

       

      2. Copy public key to /.ssh/authorized_keys in ESXi root directory and set appropriate permissions (chmod 600)

       

       

      3. Use putty to access ESXi using privatekey for authorisation.

       

       

      Have looked in /var/log/messages, nothing listed there. Another post I saw referred to /var/log/secure but I dont have this log file on my ESXi server.

       

       

      Any help would be much appreciated.

       

       

      Dean

       

       

       

       

       

       

       

       

       

       

       

        • 1. Re: ESXi - SSH Login RSA Key Problems
          FluxNooB Lurker

          I having the exact same issues, I confess I'm a complete newbie to the linux environment and SSH. I've been trawling the net looking for solutions but as yet have not got very far. I can login via SSH with root username and password but not using shared keys. Any help would be greatly appreciated .

          • 2. Re: ESXi - SSH Login RSA Key Problems
            iwienand Enthusiast

            Im trying to lock down the security on my ESXi box

             

            You realise that ssh is a development convenience, and as such doesn't receive any of the QA or security analysis that the supported mechanisms receive?  So really by having it enabled you have created an attack vector.

             

            That said, it should "just work".  Are you sure you didn't put line-breaks in the line?  I've only ever done it with keys generated by openssh, so you might like to try that too.  Does the same key to let you log into another system?

            • 3. Re: ESXi - SSH Login RSA Key Problems
              inforhunter Enthusiast

              I have the same issue,but finally resolved it.here is steps:

              1.Generate private/public key via puttygen.

              2.Store private key on  local

              3.Copy  the public key displays in the puttygen form.(Attention:Do not save the public key as a Windows file,and then copy key code from the file to ESXi,because the key will break into several lines)

              4.paste the key in to ESXi's /etc/ssh/key-<username>/authorized_keys

              5.restart sshd:/etc/init.d/SSH restart

              6.login via Putty with the private key

              • 4. Re: ESXi - SSH Login RSA Key Problems
                ruby12 Novice

                Hi

                 

                Welcome to the communities.

                Could you please change chmode from 600 to 777 and test it .

                Using above steps need to confrom that there is security or permission problem.

                 

                There is no limit to courage. http://imagicon.info/cat/5-59/vbsmile.png
                • 5. Re: ESXi - SSH Login RSA Key Problems
                  Norbs Novice

                  Thank you this was extremely helpful. Been taking a linux class and ssh cert authentication was the subject today. My first idea was "ooh this would be awesome on my esxi server".

                  inforhunter wrote:

                   

                  I have the same issue,but finally resolved it.here is steps:

                  1.Generate private/public key via puttygen.

                  2.Store private key on  local

                  3.Copy  the public key displays in the puttygen form.(Attention:Do not save the public key as a Windows file,and then copy key code from the file to ESXi,because the key will break into several lines)

                  4.paste the key in to ESXi's /etc/ssh/key-<username>/authorized_keys

                  5.restart sshd:/etc/init.d/SSH restart

                  6.login via Putty with the private key