Difference between revisions of "Passwordless SSH"
(→ESXi0) |
|||
| Line 60: | Line 60: | ||
===Linux to ESXi=== | ===Linux to ESXi=== | ||
| + | |||
| + | === Bonus Thoughts... === | ||
| + | I can't see any reason these instructions couldn't be used to provide passwordless SSH to a remote ESXi server with a weird port number for SSH... | ||
| + | |||
| + | & since SCP runs over SSH... | ||
| + | |||
| + | Could be used for automatically copying backups to/from an offsite server... | ||
| + | |||
| + | hhhmmm... | ||
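Review bot: the added "Bonus Thoughts..." text is phrased as speculation ("I can't see any reason...", "hhhmmm...") and gives the reader no step to follow. If remote hosts on a non-default SSH port are meant to be covered, say so as a step and show where the port goes on the ssh and scp commands (ssh takes -p, scp takes -P). The new heading is also written with spaces inside the markers (=== Bonus Thoughts... ===) while the context line above it uses ===Linux to ESXi===; match the existing style.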
Revision as of 00:22, 7 July 2020
These instructions assume 2 ESXi servers: ESXi0 & ESXi1
Both of these servers have a datastore named Admin for Administrative stuff and a Folder named Utilities for storing useful things.
ESXi to ESXi
Source: How to SSH between ESXi 6.0U2 hosts without providing a password
The following 2 sections are basically lists of Copy-Pasta commands for each server.
ESXi0
mkdir /vmfs/volumes/Admin/Utilities/ssl
mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1
mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys
mkdir /.ssh
cd /.ssh
/usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096
cat id_rsa.pub | ssh root@ESXi1 'cat >> /etc/ssh/keys-root/authorized_keys'
cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys
vi /etc/rc.local.d/local.sh
- (Add the following lines to the file)
    mkdir /.ssh
    cp /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys/* /.ssh
/sbin/auto-backup.sh
ESXi1
mkdir /vmfs/volumes/Admin/Utilities/ssl
mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0
mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys
mkdir /.ssh
cd /.ssh
/usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096
cat id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'
cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys
vi /etc/rc.local.d/local.sh
- (Add the following lines to the file)
    mkdir /.ssh
    cp /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys/* /.ssh
/sbin/auto-backup.sh
On Both Servers
chmod +t /etc/ssh/keys-root/authorized_keys
vi /etc/ssh/sshd_config
- (Ensure the following items are in the file)
    PermitRootLogin yes
    UsePAM yes
    # only use PAM challenge-response (keyboard-interactive)
    PasswordAuthentication no
/etc/init.d/SSH restart
At this point, you should be able to SSH from one to the other without needing to enter a password.
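The sshd_config step above can be checked before restarting SSH. The following is an added example, not part of the original wiki page; the function names (sshd_effective, check_sshd_config) and the sample file are constructed for illustration, and it assumes awk is available in the shell it runs in.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings listed above.

# Print the value sshd would use for a keyword in the global section.
# sshd takes the FIRST occurrence of a keyword, keywords are case-insensitive,
# "Keyword=value" is accepted, and lines starting with '#' are comments.
sshd_effective() {  # usage: sshd_effective <file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                # drop leading whitespace
        /^#/ || /^$/ { next }                 # skip comments and blank lines
        tolower($1) == "match" { exit }       # Match blocks are conditional
        { split($0, f, /[ \t=]+/) }
        tolower(f[1]) == want { print f[2]; exit }
    ' "$1"
}

# Return 0 only if all three settings from the page are in effect.
check_sshd_config() {  # usage: check_sshd_config <file>
    rc=0
    for pair in PermitRootLogin=yes UsePAM=yes PasswordAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed sample (not a real host's file): the later
# "PasswordAuthentication yes" is ignored because the first occurrence wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PasswordAuthentication yes
PermitRootLogin yes
usepam yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
check_sshd_config "$sample"
rm -f "$sample"
```

On a host, call check_sshd_config /etc/ssh/sshd_config after editing the file and before /etc/init.d/SSH restart.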
ESXi to Linux
Linux to ESXi
Bonus Thoughts...
I can't see any reason these instructions couldn't be used to provide passwordless SSH to a remote ESXi server with a weird port number for SSH...
& since SCP runs over SSH...
Could be used for automatically copying backups to/from an offsite server...
hhhmmm...