Sometimes you need to script a job that SSHes into another ESX host. The problem is that you will be prompted for a password, which pretty much takes away the whole automation aspect of a script.
There is a way around this: generate an SSH key pair and place the public key in an authorized_keys file on your 2nd, 3rd, 4th, etc. ESX host.
First we generate the key on the host you wish to SSH from:
[root@dpcrcvmesx1 .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Using the default location is just fine. We then take the contents of the id_dsa.pub file (located by default in /root/.ssh/) and place it into a file called authorized_keys which would be in the /root/.ssh/ folder of your destination ESX host.
After this has been done, I can now SSH from my primary ESX host to my secondary without being prompted for a password:
[root@dpcrcvmesx1 root]# ssh dpcrcvmesx2
Last login: Fri Jan 16 14:04:19 2009 from vmvc.sannet.gov
[root@dpcrcvmesx2 root]#
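The copy step above as a script, added here as an example and not part of the original post: it appends a public key to authorized_keys only once, rejects a private key passed by mistake, and sets the permissions sshd expects. The function name `install_pubkey` and its arguments are this example's own, and the sample key in the demo is constructed.

```shell
#!/bin/sh
# Added example: run on the destination host once the .pub file has been copied over.
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, not an OpenSSH command)
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # A .pub file is a single line; a private key (id_dsa without .pub) is
    # multi-line PEM and must never end up in authorized_keys.
    if [ "$(grep -c . "$pubkey_file")" -ne 1 ]; then
        echo "$pubkey_file is not a one-line public key" >&2
        return 1
    fi
    key_line=$(grep . "$pubkey_file")

    # Sanity check: "<key type> <base64 blob> [comment]"; the blob starts with AAAA.
    case $key_line in
        ssh-*\ AAAA*|ecdsa-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "$pubkey_file does not look like an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) refuses keys when the .ssh directory or
    # authorized_keys is writable by group or others, so pin the modes.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append rather than overwrite, and only if this exact line is not there yet.
    grep -qxF -- "$key_line" "$auth_file" && return 0
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo on constructed data in a scratch directory (nothing under /root is touched).
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedSampleKeyForDemoOnly root@dpcrcvmesx1' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"    # second run adds nothing
echo "entries in authorized_keys: $(grep -c . "$demo_dir/.ssh/authorized_keys")"
rm -rf "$demo_dir"
```

On a real host the second argument would be /root/.ssh, matching the paths used in the post.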
:: January 16, 2009 by Rick Scherer





11:37 am on January 29th, 2009
Best practice would be to do these steps on a non-root user, then use sudo to run commands as root from that user's account.
6:24 am on January 29th, 2009
Think you forgot a minor step, which was to allow root to ssh to the ESX host.
# grep Root /etc/ssh/sshd_config
PermitRootLogin no
Default is set to “no” but this can be modified to be “yes”. Although I highly recommend against putting “yes” as the value.