VMware vSphere

  • 1.  Unable to setup passwordless ssh to esx node

    Posted May 23, 2020 03:29 PM

    May I know why I cannot do a passwordless ssh to an ESXi node?

    [mahmood@hpc ~]$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/mahmood/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/mahmood/.ssh/id_rsa.
    Your public key has been saved in /home/mahmood/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:WlIY5cI9vrxfN3Wh0jyyyl9YM73Y+IwlVQkYD/AzPuA mahmood@hpc.scu.ac.ir
    The key's randomart image is:
    +---[RSA 2048]----+
    |      .....oo.   |
    |     . =  ..o . .|
    |      + =. + . o.|
    |       +..o = o o|
    |      . SE = O oo|
    |       = .  B O.o|
    |      . o  o.=o+ |
    |        ......*. |
    |        .+o. . o |
    +----[SHA256]-----+
    [mahmood@hpc ~]$ ssh-copy-id root@10.1.1.101
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/mahmood/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    Password:
    Warning: untrusted X11 forwarding setup failed: xauth key data not generated
    Number of key(s) added: 1
    Now try logging into the machine, with:   "ssh 'root@10.1.1.101'"
    and check to make sure that only the key(s) you wanted were added.
    [mahmood@hpc ~]$ ssh root@10.1.1.101
    Password:
    Warning: untrusted X11 forwarding setup failed: xauth key data not generated
    The time and date of this login have been sent to the system logs.
    WARNING:
       All commands run on the ESXi shell are logged and may be included in
       support bundles. Do not provide passwords directly on the command line.
       Most tools can prompt for secrets or accept them from standard input.
    VMware offers supported, powerful system administration tools.  Please
    see www.vmware.com/go/sysadmintools for details.
    The ESXi Shell can be disabled by an administrative user. See the
    vSphere Security documentation for more information.
    [root@localhost:~]
    [root@localhost:~] ls -l .ssh/
    total 4
    -rw-------    1 root     root           403 May 23 15:25 authorized_keys

    Any idea about that?



  • 2.  RE: Unable to setup passwordless ssh to esx node

    Posted May 24, 2020 12:34 PM

    ESXi is not Linux and private key auth doesn't work the same way. Please read: https://kb.vmware.com/s/article/1002866



  • 3.  RE: Unable to setup passwordless ssh to esx node

    Posted May 25, 2020 08:37 AM

    I think I did it in the same way as the document you mentioned. I have stored the public key on the ESXi node.

    ESXi

    [root@localhost:~] cat .ssh/authorized_keys

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX

    My local machine

    [mahmood@hpc ~]$ ls .ssh

    id_rsa  id_rsa.pub  known_hosts

    [mahmood@hpc ~]$ cat .ssh/id_rsa.pub

    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrXLNmnMu4nYQYi+EFVEQcfFOt7OB2x6iOYVzhnf2d2DEbTNfnVQ7OoO9naDN9ESrSdqPMwXNf2BxzexXTMBsOd/2n9qy9vLPkRC2DBrOEHf0BdQTVClOiYFL/C9DNAqTG8RTTsjb/uLxY1Yr97kVM3GcQqO1yaIQIyRgmfu0zsHaJRnUXUgQ1PRudBcxHD4nqBXgU2M9aOBQ6AHUnIbkZiuY+VxX6m4UFhVm23qD1gVnJmKPcseLnkDKV+/TGhAeBhbYTxViyHnsflUUzdwnXE0u/6S/9U7+K8EXq+xHA6ev2kY6wRPnEjVcrek97B mahmood@XXXXXX

    Apart from that, after I set ChallengeResponseAuthentication to no in sshd_config, I am no longer able to ssh to the ESXi node.

    [root@localhost:~] grep PermitRootLogin /etc/ssh/sshd_config
    PermitRootLogin yes
    [root@localhost:~] grep ChallengeResponseAuthentication /etc/ssh/sshd_config
    ChallengeResponseAuthentication  no
    [root@localhost:~] grep PasswordAuthentication /etc/ssh/sshd_config
    PasswordAuthentication no
    [root@localhost:~] /etc/init.d/SSH restart
    SSH login disabled
    SSH login enabled
    [root@localhost:~] exit
    Connection to 10.1.1.101 closed.
    [mahmood@hpc ~]$ ssh root@10.1.1.101
    Permission denied (publickey).

    That means at this point I am not able to log in to the ESXi node even with a password.

    Is there any way from the web interface of the ESXi node to enable *at least* password-based ssh?



  • 4.  RE: Unable to setup passwordless ssh to esx node
    Best Answer

    Posted May 25, 2020 01:54 PM

    No, you didn't:

    For ESXi 5.x, 6.0, 6.5 and 6.7, the authorized_keys is located at: /etc/ssh/keys-<username>/authorized_keys
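
The lockout in post 3 came from turning off password logins while the key was only in ~/.ssh/authorized_keys, not in the /etc/ssh/keys-<username>/authorized_keys location the best answer gives. The following is an added example (not from the thread or from VMware): POSIX shell that installs a key at that path and checks it is there before password authentication is disabled. The ROOT prefix argument, the function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical path prefix so the logic can be run
# against a scratch directory; on a real host it would be the empty string.

# Location quoted in the best answer: /etc/ssh/keys-<username>/authorized_keys
esxi_keys_file() {  # usage: esxi_keys_file ROOT USER
    printf '%s/etc/ssh/keys-%s/authorized_keys\n' "$1" "$2"
}

# Succeeds only if the exact public-key line is already in that file.
key_installed() {  # usage: key_installed ROOT USER PUBKEY_FILE
    f=$(esxi_keys_file "$1" "$2")
    [ -f "$f" ] && grep -qxF -- "$(cat "$3")" "$f"
}

# Append the key once (idempotent) and keep the file owner-only.
install_key() {  # usage: install_key ROOT USER PUBKEY_FILE
    f=$(esxi_keys_file "$1" "$2")
    mkdir -p "$(dirname "$f")"
    key_installed "$1" "$2" "$3" || cat "$3" >> "$f"
    chmod 600 "$f"
}

# Gate to run before setting "PasswordAuthentication no" in sshd_config.
safe_to_disable_passwords() {  # same arguments as key_installed
    key_installed "$1" "$2" "$3"
}

# Constructed scratch tree reproducing the state shown in the thread.
demo() {
    root=$(mktemp -d)
    echo 'ssh-rsa AAAAEXAMPLEKEY constructed@example' > "$root/id_rsa.pub"
    mkdir -p "$root/.ssh"
    cp "$root/id_rsa.pub" "$root/.ssh/authorized_keys"  # where ssh-copy-id put it
    safe_to_disable_passwords "$root" root "$root/id_rsa.pub" && before=safe || before=unsafe
    install_key "$root" root "$root/id_rsa.pub"
    install_key "$root" root "$root/id_rsa.pub"         # second run adds nothing
    safe_to_disable_passwords "$root" root "$root/id_rsa.pub" && after=safe || after=unsafe
    lines=$(wc -l < "$root/etc/ssh/keys-root/authorized_keys")
    rm -rf "$root"
    echo "$before $after $((lines))"
}
demo
```

Keeping an existing root session open while testing a fresh key-based login in a second terminal avoids the "Permission denied (publickey)" dead end shown in post 3.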