Difference between revisions of "Passwordless SSH"
| Line 58: | Line 58: | ||
===ESXi to Linux=== | ===ESXi to Linux=== | ||
| + | Assuming you've already created your keyes in [[ESXi - Passwordless SSH#ESXi to ESXi|ESXi to ESXi]] | ||
===Linux to ESXi=== | ===Linux to ESXi=== | ||
| − | * <code>ssh-keygen -t rsa</code> | + | *<code>ssh-keygen -t rsa</code> |
| − | * <code>cat ~/.ssh/id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'</code> | + | *<code>cat ~/.ssh/id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'</code> |
| − | * <code>ssh root@esxi0 "cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys"</code> | + | *<code>ssh root@esxi0 "cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys"</code> |
| − | * <code>ssh root@esxi0 "/sbin/auto-backup.sh"</code> | + | *<code>ssh root@esxi0 "/sbin/auto-backup.sh"</code> |
===Bonus Thoughts...=== | ===Bonus Thoughts...=== | ||
Revision as of 01:07, 7 July 2020
These instructions assume 2 ESXi servers: ESXi0 & ESXi1
Both of these servers have a datastore named Admin for Administrative stuff and a Folder named Utilities for storing useful things.
Contents
ESXi to ESXi
Source: How to SSH between ESXi 6.0U2 hosts without providing a password
The following 2 sections are basically lists of Copy-Pasta commands for each server.
ESXi0
mkdir /vmfs/volumes/Admin/Utilities/sslmkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keysmkdir /.sshcd /.ssh/usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096cat id_rsa.pub | ssh root@ESXi1 'cat >> /etc/ssh/keys-root/authorized_keys'cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keysvi /etc/rc.local.d/local.sh
mkdir /.ssh cp /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys/* /.ssh
/sbin/auto-backup.sh
ESXi1
mkdir /vmfs/volumes/Admin/Utilities/sslmkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0mkdir /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keysmkdir /.sshcd /.ssh/usr/lib/vmware/openssh/bin/ssh-keygen -t rsa -b 4096cat id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keysvi /etc/rc.local.d/local.sh
mkdir /.ssh cp /vmfs/volumes/Admin/Utilities/ssl/ESXi0/keys/* /.ssh
/sbin/auto-backup.sh
On Both Servers
chmod +t /etc/ssh/keys-root/authorized_keysvi /etc/ssh/sshd_config- (Ensure the following items are in the file)
PermitRootLogin yes UsePAM yes # only use PAM challenge-response (keyboard-interactive) PasswordAuthentication no
/etc/init.d/SSH restart
At this point, you should be able to SSH from one to the other without needing to enter a password.
ESXi to Linux
Assuming you've already created your keyes in ESXi to ESXi
Linux to ESXi
ssh-keygen -t rsacat ~/.ssh/id_rsa.pub | ssh root@ESXi0 'cat >> /etc/ssh/keys-root/authorized_keys'ssh root@esxi0 "cp /.ssh/* /vmfs/volumes/Admin/Utilities/ssl/ESXi1/keys"ssh root@esxi0 "/sbin/auto-backup.sh"
Bonus Thoughts...
I can't see any reason these instructions couldn't be used to provide passwordless SSH to a remote ESXi server with a weird port number for SSH...
& since SCP runs over SSH...
Could be used for automatically copying backups to/from an offsite server...
hhhmmm...
