May I know why I cannot do a passwordless ssh to an ESXi node?
[mahmood@hpc ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mahmood/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mahmood/.ssh/id_rsa.
Your public key has been saved in /home/mahmood/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WlIY5cI9vrxfN3Wh0jyyyl9YM73Y+IwlVQkYD/AzPuA mahmood@hpc.scu.ac.ir
The key's randomart image is:
+---[RSA 2048]----+
| .....oo. |
| . = ..o . .|
| + =. + . o.|
| +..o = o o|
| . SE = O oo|
| = . B O.o|
| . o o.=o+ |
| ......*. |
| .+o. . o |
+----[SHA256]-----+
[mahmood@hpc ~]$ ssh-copy-id root@10.1.1.101
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/mahmood/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.1.1.101'"
and check to make sure that only the key(s) you wanted were added.
[mahmood@hpc ~]$ ssh root@10.1.1.101
Password:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
The time and date of this login have been sent to the system logs.
WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.
VMware offers supported, powerful system administration tools. Please
see www.vmware.com/go/sysadmintools for details.
The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@localhost:~]
[root@localhost:~] ls -l .ssh/
total 4
-rw------- 1 root root 403 May 23 15:25 authorized_keys
Any idea about that?
ESXi is not Linux and private key auth doesn't work the same way. Please read: https://kb.vmware.com/s/article/1002866
I think I did it in the same way as the document you mentioned. I have stored the public key on the ESXi node.
ESXi
[root@localhost:~] cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX
My local machine
[mahmood@hpc ~]$ ls .ssh
id_rsa id_rsa.pub known_hosts
[mahmood@hpc ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX
Apart from that, after I set ChallengeResponseAuthentication to no in sshd_config, I am no longer able to ssh to the ESXi node.
[root@localhost:~] grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
[root@localhost:~] grep ChallengeResponseAuthentication /etc/ssh/sshd_config
ChallengeResponseAuthentication no
[root@localhost:~] grep PasswordAuthentication /etc/ssh/sshd_config
PasswordAuthentication no
[root@localhost:~] /etc/init.d/SSH restart
SSH login disabled
SSH login enabled
[root@localhost:~] exit
Connection to 10.1.1.101 closed.
[mahmood@hpc ~]$ ssh root@10.1.1.101
Permission denied (publickey).
That means at this point I am not able to log in to the ESXi node even with a password.
Is there any way from the web interface of the ESXi node to enable *at least* password-based ssh?
No, you didn't:
For ESXi 5.x, 6.0, 6.5 and 6.7, the authorized_keys is located at: /etc/ssh/keys-<username>/authorized_keys
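The reply above gives the ESXi key location. The following is an added example, not code from the thread or from VMware, that installs a public key there and checks it is in place before PasswordAuthentication is set to no. The function names and the prefix argument are hypothetical; the prefix lets the logic run against a scratch directory and is left empty on a host.

```shell
#!/bin/sh
# Added example; function names and the "prefix" argument are hypothetical.
# The prefix lets the logic run against a scratch directory; leave it empty on a host.

# Key file location for ESXi 5.x-6.7, as given in the reply above.
esxi_keys_path() {   # $1 = username, $2 = optional prefix
    printf '%s/etc/ssh/keys-%s/authorized_keys\n' "${2:-}" "$1"
}

# Base64 key body (second field) of the first line of a .pub file.
key_blob() {
    awk 'NR == 1 { print $2 }' "$1"
}

# Append the public key once, mode 600 (the mode ssh-copy-id left in the thread).
install_key() {      # $1 = .pub file, $2 = username, $3 = optional prefix
    dest=$(esxi_keys_path "$2" "${3:-}")
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 1
    mkdir -p "$(dirname "$dest")" || return 1
    touch "$dest" || return 1
    chmod 600 "$dest" || return 1
    grep -qF -- "$blob" "$dest" || sed -n 1p "$1" >> "$dest"
}

# Preflight before setting PasswordAuthentication no.
# 0: key is in the ESXi location
# 2: key is only in <home>/.ssh/authorized_keys (the state shown in the thread)
# 1: key found in neither file
key_auth_ready() {   # $1 = .pub file, $2 = username, $3 = home dir, $4 = optional prefix
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 1
    if grep -qF -- "$blob" "$(esxi_keys_path "$2" "${4:-}")" 2>/dev/null; then
        return 0
    fi
    if grep -qF -- "$blob" "$3/.ssh/authorized_keys" 2>/dev/null; then
        return 2
    fi
    return 1
}
```

A return of 2 from `key_auth_ready` matches the thread: the key was in root's `.ssh/authorized_keys`, sshd was not reading it from there, and disabling password logins left no working method.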