Difference between revisions of "Passwordless SSH"

From The TinkerNet Wiki
Jump to navigation Jump to search
Line 30: Line 30:
 
*vi /etc/ssh/sshd_config
 
*vi /etc/ssh/sshd_config
  
PermitRootLogin yes
+
PermitRootLogin yes
 
+
UsePAM yes
UsePAM yes
+
# only use PAM challenge-response (keyboard-interactive)
 
+
PasswordAuthentication no  
<nowiki>#</nowiki> only use PAM challenge-response (keyboard-interactive)
+
# ?????? #
 
+
ChallengeResponseAuthentication no
PasswordAuthentication no  
 
 
 
<nowiki>#</nowiki> ?????? #
 
 
 
ChallengeResponseAuthentication no
 

Revision as of 23:21, 6 July 2020

ESXi0

  • mkdir /vmfs/volumes/Admin/Utilities/ssl
  • mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1
  • mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys
  • mkdir /.ssh
  • cd /.ssh
  • /usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096
  • ls
  • cat id_rsa.pub | ssh root@ESXi1 'cat >> /etc/ssh/keys-root/authorized_keys'
  • cd /etc/ssh/keys-root/
  • ls -l
  • cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys


ESXi1

  • mkdir /vmfs/volumes/Admin/Utilities/ssl
  • mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0
  • mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys
  • mkdir /.ssh
  • cd /.ssh
  • /usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096
  • ls
  • cat id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'
  • cd /etc/ssh/keys-root/
  • ls -l
  • cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys
  • vi /etc/ssh/sshd_config
PermitRootLogin yes
UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication no 
# ?????? #
ChallengeResponseAuthentication no
Retrieved from ‘https://wiki.tinkernet.ca/index.php?title=Passwordless_SSH&oldid=544