VMware ESXi 7
Sponsored Link

SSH : Key-Pair Authentication2023/02/22
 
Generate SSH Key-Pair and set Authentication by it.
If you like to enable SSH service always, you shoud set Key-Pair and also should disable password authentication method.
[1] Generate SSH Key-Pair on the shell.
# create key-pair

[root@ctrl:~]
/usr/lib/vmware/openssh/bin/ssh-keygen 

Generating public/private rsa key pair.
# set key-store location like follows (default on ESXi sshd_config)
# for other users ⇒ /etc/ssh/keys-(username)
Enter file in which to save the key (//.ssh/id_rsa): /etc/ssh/keys-root/id_rsa
Enter passphrase (empty for no passphrase):   # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /etc/ssh/keys-root/id_rsa
Your public key has been saved in /etc/ssh/keys-root/id_rsa.pub
The key fingerprint is:
SHA256:uk+P14mmtLzAWjrEMpisknffKeuxjcKXuwWpufTqN1c root@ctrl.srv.world
The key's randomart image is:
.....
.....
[root@ctrl:~]
ll /etc/ssh/keys-root 

total 16
drwxr-xr-x    1 root     root           512 Feb 22 06:52 .
drwxr-xr-x    1 root     root           512 Feb 22 04:31 ..
-rw------T    1 root     root             0 Aug 23  2022 authorized_keys
-rw-------    1 root     root          2655 Feb 22 06:52 id_rsa
-rw-r--r--    1 root     root           573 Feb 22 06:52 id_rsa.pub
[root@ctrl:~]
cat /etc/ssh/keys-root/id_rsa.pub >> /etc/ssh/keys-root/authorized_keys

# to disable password input authentication method too, set like follows

[root@ctrl:~]
vi /etc/ssh/sshd_config
# line 32 :
# password authentication = no
# keyboard interactive authentication = no (add the line)

PasswordAuthentication no
KbdInteractiveAuthentication no
[root@ctrl:~]
/etc/init.d/SSH restart

SSH login disabled
SSH login enabled
[2] Transfer the secret key [/etc/ssh/keys-root/id_rsa] on ESXi Host to any client computer and verify SSH access with Key-Pair Authentication.
# [id_rsa] file transfered from ESXi Host

[root@localhost ~]#
ll ~/.ssh 

total 12
-rw-------. 1 root root 2655 Feb 22 15:56 id_rsa
-rw-------. 1 root root  996 Feb 22 11:13 known_hosts
[root@localhost ~]#
ssh root@ctrl.srv.world uname -a

Enter passphrase for key '/root/.ssh/id_rsa':
VMkernel ctrl.srv.world 7.0.3 #1 SMP Release build-20328353 Aug 22 2022 19:41:06 x86_64 x86_64 x86_64 ESXi
Matched Content