VMware Cloud Community
mahmn
Enthusiast

Unable to set up passwordless ssh to esx node

May I know why I cannot do a passwordless ssh to an ESXi node?

[mahmood@hpc ~]$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/mahmood/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/mahmood/.ssh/id_rsa.

Your public key has been saved in /home/mahmood/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:WlIY5cI9vrxfN3Wh0jyyyl9YM73Y+IwlVQkYD/AzPuA mahmood@hpc.scu.ac.ir

The key's randomart image is:

+---[RSA 2048]----+

|      .....oo.   |

|     . =  ..o . .|

|      + =. + . o.|

|       +..o = o o|

|      . SE = O oo|

|       = .  B O.o|

|      . o  o.=o+ |

|        ......*. |

|        .+o. . o |

+----[SHA256]-----+

[mahmood@hpc ~]$ ssh-copy-id root@10.1.1.101

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/mahmood/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Password:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.1.1.101'"

and check to make sure that only the key(s) you wanted were added.

[mahmood@hpc ~]$ ssh root@10.1.1.101

Password:

Warning: untrusted X11 forwarding setup failed: xauth key data not generated

The time and date of this login have been sent to the system logs.

WARNING:

   All commands run on the ESXi shell are logged and may be included in

   support bundles. Do not provide passwords directly on the command line.

   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please

see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the

vSphere Security documentation for more information.

[root@localhost:~]

[root@localhost:~] ls -l .ssh/

total 4

-rw-------    1 root     root           403 May 23 15:25 authorized_keys

Any idea about that?

3 Replies
daphnissov
Immortal

ESXi is not Linux and private key auth doesn't work the same way. Please read: https://kb.vmware.com/s/article/1002866

mahmn
Enthusiast

I think I did it in the same way as the document you mentioned. I have stored the public key on the ESXi node.

ESXi

[root@localhost:~] cat .ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX

My local machine

[mahmood@hpc ~]$ ls .ssh

id_rsa  id_rsa.pub  known_hosts

[mahmood@hpc ~]$ cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX

Apart from that, after I set ChallengeResponseAuthentication to no in sshd_config, I am no longer able to ssh to the ESXi node.

[root@localhost:~] grep PermitRootLogin /etc/ssh/sshd_config

PermitRootLogin yes

[root@localhost:~] grep ChallengeResponseAuthentication /etc/ssh/sshd_config

ChallengeResponseAuthentication  no

[root@localhost:~] grep PasswordAuthentication /etc/ssh/sshd_config

PasswordAuthentication no

[root@localhost:~] /etc/init.d/SSH restart

SSH login disabled

SSH login enabled

[root@localhost:~] exit

Connection to 10.1.1.101 closed.

[mahmood@hpc ~]$ ssh root@10.1.1.101

Permission denied (publickey).

That means at this point I am not able to log in to the ESXi node even with a password.

Is there any way from the web interface of the ESXi node to enable *at least* password-based ssh?

daphnissov
Immortal

No, you didn't:

For ESXi 5.x, 6.0, 6.5 and 6.7, the authorized_keys is located at: /etc/ssh/keys-<username>/authorized_keys
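
The failure in this thread, written as a pre-flight check (an added example, not code from the thread or from VMware): it looks for a usable key at the ESXi path given in the accepted answer and reports a lockout when that file has no key while PasswordAuthentication and ChallengeResponseAuthentication are both set to no. The ROOT prefix and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Pre-flight check before disabling password logins on an ESXi host.
# ROOT is a hypothetical prefix so the check can run against a copy of the
# host's files; leave it empty to check the live filesystem.

# Path where sshd on ESXi 5.x-6.7 reads a user's keys (per the accepted answer).
esxi_keys_path() {
    printf '%s/etc/ssh/keys-%s/authorized_keys\n' "${ROOT:-}" "$1"
}

# Print the value of an sshd_config keyword; the first match wins, as in sshd.
sshd_option() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' \
        "${ROOT:-}/etc/ssh/sshd_config"
}

# Return 0 if the user still has a way in after an sshd restart, 1 if not.
check_login_paths() {
    user=$1
    keys=$(esxi_keys_path "$user")
    has_key=no
    # Usable entry: a non-comment line holding an "ssh-..." or "ecdsa-..." key type.
    if [ -s "$keys" ] && grep -Eq '^[^#]*(ssh-|ecdsa-)' "$keys"; then
        has_key=yes
    fi
    pw=$(sshd_option PasswordAuthentication)
    cr=$(sshd_option ChallengeResponseAuthentication)
    echo "key file: $keys (usable key: $has_key)"
    echo "PasswordAuthentication=${pw:-unset} ChallengeResponseAuthentication=${cr:-unset}"
    # Both options default to yes in OpenSSH, so only an explicit "no" counts.
    if [ "$has_key" = no ] && [ "$pw" = no ] && [ "$cr" = no ]; then
        echo "LOCKOUT: no key at the ESXi path and both password methods are off"
        return 1
    fi
    return 0
}

# Usage: sh check.sh root   (optionally with ROOT=/path/to/copy in the environment)
if [ "$#" -gt 0 ]; then
    check_login_paths "$1"
fi
```

A key that exists only in ~/.ssh/authorized_keys, which is where ssh-copy-id placed it in the session above, does not count as usable here.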