SSH from ESX host to ESX host with No Password

Sometimes you need to script a job that SSH’s into another ESX host, problem is you will be prompted for a password—pretty much taking out all the automation aspect of a script.

There is a way around this.  Simply generate a public SSH key and place it in an authorized_keys file on your 2nd, 3rd, 4th, etc. ESX host.

First we generate the key on the host you wish to SSH from:

[root@dpcrcvmesx1 .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):

Using the default location is just fine.  We then take the contents of the file (located by default in /root/.ssh/) and place it into a file called authorized_keys which would be in the /root/.ssh/ folder of your destination ESX host.

After this has been done, I can now SSH from my primary ESX host to my secondary without being prompted for a password:

[root@dpcrcvmesx1 root]# ssh dpcrcvmesx2
Last login: Fri Jan 16 14:04:19 2009 from
[root@dpcrcvmesx2 root]#

Created on January 16, 2009 by Rick Scherer

Posted under ESX 3.5 Tips, ESXi 3.5 Tips, Security.

This blog has 12,641 views.

Tags: , , , ,

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

2 Comments so far

  1. stephen Nordlund
    6:24 am on January 29th, 2009

    Think you forgot a minor step, which was allow root to ssh to the ESX host.

    # grep Root /etc/ssh/sshd_config
    PermitRootLogin no

    Default is set to “no” but this can be modified to be “yes”. Although I highly recommend against putting “yes” as the value.

  2. Rick Scherer
    11:37 am on January 29th, 2009

    Best practice would be to do these steps on a non-root user, then use sudo to run commands as root from that users account.


Leave a Comment

Name (required)

Email (required)



More Blog Post