Sunday, November 10, 2013

How To Set Up ESXi SSH Keys for Passwordless Access

Generate Your Keys

Linux

From the remote Linux server:
ssh-keygen
Note: Make sure to leave the passphrase empty, or you will defeat this whole passwordless exercise.

This will generate ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. You can set up your default identity with:
cp ~/.ssh/id_rsa.pub ~/.ssh/identity.pub

Next we will use a helpful tool to copy our public key to the appropriate location on the target server.  The "ssh-copy-id" tool will copy the public key to ~/.ssh/authorized_keys and set the appropriate permissions for us.  This can be done manually, if needed.


The general method to copy the public key to the target ESX server's authorized list is using ssh-copy-id:
ssh-copy-id root@[SERVER]

If you don't have the default identity.pub set up, you can specify your public key with:
ssh-copy-id -i ~/.ssh/id_rsa.pub root@[SERVER]

WARNING: Make sure to include 'root@' or it will try to copy to the same user name as you are currently logged in as.
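
The manual route mentioned above, as an added example that is not from the original post: a POSIX sh function, run on the target host, that installs a public key the way ssh-copy-id would. The name install_pubkey, the key-type check and the sample paths are this example's own assumptions; the second argument is the authorized_keys path (~/.ssh/authorized_keys, or /etc/ssh/keys-root/authorized_keys on ESXi 5.x).

```shell
#!/bin/sh
# Added example (not from the original post): manual stand-in for ssh-copy-id.
# Usage on the target host: install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Returns 0 when the key is present afterwards, 1 when the input is rejected.
install_pubkey() {
    ik_pub=$1
    ik_auth=$2
    [ -r "$ik_pub" ] || { echo "cannot read $ik_pub" >&2; return 1; }

    # A public key is one line; take the first non-blank one.
    ik_key=$(grep -v '^[[:space:]]*$' "$ik_pub" | head -n 1)

    # Accept only an OpenSSH public key line. This catches the slip of
    # installing id_rsa (the private key) instead of id_rsa.pub.
    case $ik_key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$ik_pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create what is missing with owner-only permissions.
    ik_dir=$(dirname "$ik_auth")
    [ -d "$ik_dir" ] || (umask 077; mkdir -p "$ik_dir") || return 1
    [ -e "$ik_auth" ] || (umask 077; : > "$ik_auth") || return 1

    # sshd with StrictModes (the OpenSSH default) rejects keys when the file
    # or its directory is writable by group or others.
    chmod go-w "$ik_dir" || return 1
    chmod go-rwx "$ik_auth" || return 1

    # Idempotent: append only if this exact line is not already there.
    if grep -qxF -- "$ik_key" "$ik_auth"; then
        echo "key already present in $ik_auth"
        return 0
    fi
    # Make sure the existing file ends in a newline before appending.
    if [ -s "$ik_auth" ] && [ -n "$(tail -c 1 "$ik_auth")" ]; then
        echo >> "$ik_auth"
    fi
    printf '%s\n' "$ik_key" >> "$ik_auth"
    echo "key added to $ik_auth"
}

# Run directly (example paths): sh install_pubkey.sh /tmp/id_rsa.pub ~/.ssh/authorized_keys
if [ $# -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```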

Note: each version of ESX/ESXi needs a few adjustments to make it work.

Windows

For Windows servers you will need to use PuTTY and PuTTYgen. Within PuTTYgen, simply click "Generate", move your mouse a lot over the blank area, and wait for the keys to be generated.



The text within the "Public key for pasting into OpenSSH authorized_keys file" area is the key that needs to go into the authorized_keys file on your server. Click the "Save private key" button and save this private_key.ppk file to a secure location. This is the key you will load into PuTTY to connect to the server.

 

ESXi 5.x

ESXi 5.x loses the keys on reboot unless you take a few extra steps.

1. Copy public key:
linux# ssh-copy-id -i ~/.ssh/id_rsa.pub root@[SERVER]

2. On the ESXi server:
esx# cp /.ssh/authorized_keys  /etc/ssh/keys-root/authorized_keys

3. Reboot ESXi server, so the script is saved to the boot bank. (Do not power cycle)
esx# reboot

4. Done. Verify passwordless access:
linux# ssh root@[SERVER] 


ESXi 4.x

ESXi 4.x loses the keys on reboot unless you take a few extra steps.

1. Copy public key:
linux# ssh-copy-id -i ~/.ssh/id_rsa.pub root@[SERVER]

2. On the ESXi server:
esx# cp -r /.ssh /scratch

3. On the ESXi server, add the following line to /etc/rc.local:
cp -r /scratch/.ssh /

4. Reboot ESXi server, so the script is saved to the boot bank. (Do not power cycle)
esx# reboot

5. Done. Verify passwordless access:
linux# ssh root@[SERVER]

ESX 4.x

1. Copy public key:
linux# ssh-copy-id -i ~/.ssh/id_rsa.pub root@[SERVER]

2. Done. Verify passwordless access:
linux# ssh root@[SERVER]

