I have a setup where I am trying to script a file copy with scp of a .tgz backup of a VM to a remote server. I don't want the remote box to prompt for a password, so I want to generate a key pair and copy the .pub key to the remote host. However, all the walkthroughs I can find use the ssh-keygen utility, which is not available in ESXi 5.
Is there another method I can use to generate a key pair I can use for this?
Hello,
The command is available but hidden in another path:
./usr/lib/vmware/openssh/bin/ssh-keygen
This will work with any guide you want to use
That's some very useful info. Thanks!
Part 2 of this question... how can I automate this so that the keys survive a reboot of ESXi? I assume I'll have to place the key files on a vmfs volume and do something with rc.local to copy them to the correct locations, is there a walkthrough on this anywhere?
Thanks!
Regarding persisting the SSH keys or other files, take a look here:
http://www.virtuallyghetto.com/2011/08/how-to-persist-configuration-changes-in.html
http://www.virtuallyghetto.com/2011/08/how-to-persist-configuration-changes-in_09.html
Thanks for your information. :) I really got much information in this discussion. Thanks to all.
AWo,
I did the following steps to take SSH, but it is still asking me for a password. Please review my procedure below. Please correct me if I did anything wrong.
1. /usr/lib/vmware/openssh/bin/ssh-keygen -r rsa
2. New RSA pub key stored in the /.ssh/id_rsa.pub location
3. Copied pub file from ESXi to RHEL /.ssh/authorization_keys file.
4. Chmod 770 /.ssh/ folders
5. Restarted the SSH daemon
6. Take SSH Root@Ip
Still asking for the password. Please guide me here.
Thanks
Bhoobhu
Wrong thread, isn't it? That is not yours.....
You need to copy the private key to your ssh client. Then copy the public key into the "authorized_keys" file on the ESXi host under the key directory of the user you use to connect:
cp /.ssh/id_rsa.pub /etc/ssh/keys-root/authorized_keys
Then use "ssh -i <private key file> -l root <hostname>" to connect
The private key is used on the client, not the public key!!! Imagine the public key (which is public as the name states) would be used to connect to the host. That would mean everybody can connect to the host. Therefore you need to keep the private key secret as this allows you to connect without any password.
AWo
Can you please elaborate...
In ESXi,
cp /.ssh/id_rsa.pub /etc/ssh/keys-root/authorized_keys
I have to run the commands, is it correct?
In RHEL,
I have to run the command, ssh -i <private key file> -l root <hostname>
Is this correct? If yes, shall I copy the id_dsa (private key file) from ESXi to RHEL?
You just repeated what I wrote....
AWo
🙂
And here is a walkthrough that Kyle Gleed posted
Maish
VMTN Moderator | vExpert
Author of VMware vSphere Design
Maish wrote:
And here is a walkthrough that Kyle Gleed posted
Can you also provide a drive-in? I'm too lazy to walk today as it is too hot....
AWo
Hi Awo,
Again it is asking for a passphrase... to allow login.
Without passphrase
You created the key-pair without a password by just hitting enter when keygen asked for a passphrase?
Post the content of your ESXi /etc/ssh/sshd_config.
AWo
My /etc/ssh/sshd_config Content
# running from inetd
# Port 2200
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation no
SyslogFacility auth
LogLevel info
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
PrintMotd yes
PrintLastLog no
TCPKeepAlive yes
X11Forwarding no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc
MACs hmac-sha1,hmac-sha1-96
UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication no
Banner /etc/issue
Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server
AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveInterval 200
Looks fine....
So,
1. "ssh-keygen -t rsa" without entering a password.
2. Copy /.ssh/id_rsa to remote host
3. Copy /.ssh/id_rsa.pub to /etc/ssh/keys-root/authorized_keys
4. On remote host use ssh -i id_rsa -l root <hostname>
And you are still prompted for a password? Have you checked if the content of authorized_keys and id_rsa.pub is the same?
AWo
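The comparison asked about above, as an added example that is not part of the original thread: it checks that the key in id_rsa.pub sits on one complete line of authorized_keys, and that a path is not group or world writable, which sshd's StrictModes option (on by default) requires of the key directory and file. The function names are hypothetical, and a POSIX sh with awk and ls is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Usage with the paths the thread uses:
#   key_is_authorized /.ssh/id_rsa.pub /etc/ssh/keys-root/authorized_keys
#   mode_is_strict /etc/ssh/keys-root/authorized_keys

# key_blob FILE: print "<type> <base64>" for the first key line in FILE,
# skipping comment lines and any options field in front of the key type.
key_blob() {
    awk '
        $1 ~ /^#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $i, $(i + 1)
                    exit
                }
        }' "$1"
}

# key_is_authorized PUBFILE AUTHFILE: exit 0 if the key from PUBFILE appears
# on a single line of AUTHFILE, 1 if not, 2 if PUBFILE holds no key.
# A key that copy and paste wrapped onto two lines does not match.
key_is_authorized() {
    want=$(key_blob "$1")
    [ -n "$want" ] || return 2
    awk -v want="$want" '
        $1 ~ /^#/ { next }
        { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
        END { exit !found }' "$2"
}

# mode_is_strict PATH: exit 0 if PATH is not writable by group or others,
# 1 if it is (for example mode 770), 2 if PATH does not exist.
mode_is_strict() {
    [ -e "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}
```
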
Thanks a lot AWo... I am able to take SSH without entering the password now.
Thank you so much