ESXi

  • 1.  Connecting to esxi hosts with ssh without password

    Posted Sep 11, 2024 11:33 AM

    I have to connect from a linux vm to an esxi host with ssh without entering the password.

    Here's what I did.

    On the linux vm (Almalinux) I have:

    • generated a key pair (private and public) with the ssh-keygen ~/.ssh/linux_vm command
    • registered the keys with the command: ssh-add ~/.ssh/linux_server
    • copied the public key to the Esxi server with the command ssh-copy-id -i ~/.ssh/linux_vm root@hostesxi

    On the Esxi (8.0 Update 2) host I have:

    • copied the ~/.ssh/linux_vm file to the /vmfs/volumes/669e51c5-16a4cb05-9483-ecf4bbd5dcf4/ssh folder
    • modified the file sshd_config like this:

    #acceptenv
    allowstreamlocalforwarding NO
    allowtcpforwarding NO
    banner /etc/issue
    challengeresponseauthentication yes
    ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
    clientalivecountmax 3
    clientaliveinterval 200
    fipsmode yes
    gatewayports NO
    hostbasedauthentication no
    hostkeyalgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
    ignorerhosts yes
    kexalgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
    loglevel INFO
    macs hmac-sha2-256,hmac-sha2-512
    maxstartups 10:30:100
    permitrootlogin yes
    permittunnel no
    permituserenvironment no
    printmotd yes
    rekeylimit 1G, 1H
    syslogfacility AUTH
    tcpkeepalive yes
    usepam yes
    x11forwarding no
    subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server -f LOCAL5 -l INFO
    strictmodes yes
    passwordauthentication no
    permitemptypasswords no
    hostkey /etc/ssh/ssh_host_rsa_key
    hostkey /etc/ssh/ssh_host_ecdsa_key
    compression no
    authorizedkeysfile /vmfs/volumes/669e51c5-16a4cb05-9483-ecf4bbd5dcf4/ssh

    • restarted ssh

    Unfortunately, however, when I connect with ssh it continues to ask me for the password.

    Any idea?

    Thanks



  • 2.  RE: Connecting to esxi hosts with ssh without password

    Posted Sep 12, 2024 05:03 AM

    Your public key should go to

    /etc/ssh/keys-$username/authorized_keys

    This works for me on Esxi 8

    -Heinrich




  • 3.  RE: Connecting to esxi hosts with ssh without password

    Posted Sep 12, 2024 05:12 AM

    I just noticed that my /etc/ssh/sshd_config has

    AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys

    at the end.




  • 4.  RE: Connecting to esxi hosts with ssh without password

    Posted Sep 12, 2024 11:03 AM
    Edited by beginnerVM Sep 12, 2024 11:05 AM
    In fact I had already done the test by copying the public key in the folder you indicated to me. I remade it and it still doesn't work. Then I sorted the file keys alphabetically. Is this what you wanted to suggest to me?


  • 5.  RE: Connecting to esxi hosts with ssh without password

    Posted Sep 12, 2024 11:19 AM

    No sorting of any kind required!

    You did change "AuthorizedKeysFile" back to "/etc/ssh/keys-%u/authorized_keys"? And restarted sshd or rebooted the server afterwards?

    Other than that, I cannot offer you any more help, I am afraid. Google might be your friend!

    -Heinrich




  • 6.  RE: Connecting to esxi hosts with ssh without password
    Best Answer

    Posted Sep 13, 2024 06:59 AM

    Hi Heinrich. I found the problem. The public key must be placed in the "authorized_keys" file. Instead, I copied the file containing the public key into the "/etc/ssh/keys-%u/authorized_keys" folder. Thank you for your help




  • 7.  RE: Connecting to esxi hosts with ssh without password

    Posted Sep 14, 2024 07:20 AM

    Glad you found the error! I should have mentioned that your pubkey should be put into / appended to the file authorized_keys.

    -Heinrich
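
    The check below is an added example, not part of the original posts: it tests whether the path that AuthorizedKeysFile resolves to is a regular file holding public key lines, which is the mistake resolved in post 6 (the key file had been copied into a folder named authorized_keys). The function name check_authorized_keys, its return codes and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check the path AuthorizedKeysFile resolves to.
# Return codes: 0 usable, 2 directory, 3 missing, 4 writable by group/others,
# 5 contains private key material, 6 no public key line found.
check_authorized_keys() {
    path=$1
    if [ -d "$path" ]; then
        echo "FAIL: $path is a directory; sshd needs a file with one public key per line"
        return 2
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path does not exist"
        return 3
    fi
    # The posted config has "strictmodes yes": sshd then ignores key files
    # that group or others can write to.
    mode=$(ls -ld "$path" | cut -c1-10)
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $path has mode $mode; run chmod 600 on it"
            return 4 ;;
    esac
    # Only the .pub half belongs on the server; a private key here is a leak.
    if grep -q 'PRIVATE KEY' "$path"; then
        echo "FAIL: $path contains a private key; remove it and rotate the key pair"
        return 5
    fi
    # Count key lines, allowing options (from=..., command=...) before the key type.
    keys=$(grep -Ec '(^|[ ,"])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) AAAA[A-Za-z0-9+/=]+' "$path" || true)
    if [ "$keys" -eq 0 ]; then
        echo "FAIL: $path holds no public key line"
        return 6
    fi
    echo "OK: $path is a regular file with $keys public key line(s)"
}

# Demo on constructed data: reproduce the thread's mistake, then the fix.
demo=$(mktemp -d)
pub='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotARealKey000000000 user@linux-vm'
mkdir "$demo/authorized_keys"
echo "$pub" > "$demo/authorized_keys/linux_vm.pub"    # key file copied INTO a folder
check_authorized_keys "$demo/authorized_keys" || true
rm -r "$demo/authorized_keys"
echo "$pub" > "$demo/authorized_keys"                 # key written to the file itself
chmod 600 "$demo/authorized_keys"
check_authorized_keys "$demo/authorized_keys" || true
rm -r "$demo"
```

    On the host, point the function at the expanded path, which for root with the setting quoted in post 3 is /etc/ssh/keys-root/authorized_keys.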