To allow SSH access to ESXi/ESX hosts with public/private key authentication:
- Generate public/private keys. For detailed instructions, see the OpenBSD Reference Manual from OpenBSD.
- These instructions generate two files in ~/.ssh: id_rsa and id_rsa.pub.
- In ESXi 5.x, the ssh-keygen command is located at /usr/lib/vmware/openssh/bin.
- The preceding link was valid as of November 26, 2013. If you find the link to be broken, provide feedback on the article and a VMware employee will update the article as necessary.
- On the remote host, store the public key content, id_rsa.pub in ~/.ssh/authorized_keys.
- For ESXi 5.0, the location of authorized_keys is: /etc/ssh/keys-<username>/authorized_keys
- More than one key can be stored in this file.
- To allow root access, changePermitRootLogin no to PermitRootLogin yes in the /etc/ssh/sshd_config file.
- To disable password login, ensure thatChallengeResponseAuthentication and PasswordAuthentication are set tono.
- Reload the service:
- For ESXi, run the command:
- For ESX, run the command:
service sshd reload