Hacking ESXi For SSH Login Without Password

As a powerful virtualization server, ESXi has a built-in SSH server, although it’s not enabled by default. Most system administrators use it to run commands remotely. ESXi also has a built-in SSH client, so you can ssh to other servers from ESXi. To use SSH as either server or client, you need to open the firewall. You can do it with the vSphere Client (on the host’s Configuration tab, check the Security Profile in the Software section), or simply from the command line as follows.

~ # vim-cmd hostsvc/firewall_enable_ruleset sshServer
~ # vim-cmd hostsvc/firewall_enable_ruleset sshClient

Note: the firewall_disable_ruleset sub-command below closes the firewall for the same rulesets, in case you want to reverse the change. Don’t run it if you want to try the rest of the commands.

~ # vim-cmd hostsvc/firewall_disable_ruleset sshServer
~ # vim-cmd hostsvc/firewall_disable_ruleset sshClient

If you want to use the SSH client in ESXi without a password, which is harder than SSHing to ESXi without a password, you need to do a bit more work. Most of the tutorials you find will not work because there is no ssh-keygen command in ESXi. The following are the steps for hacking this.

First, find a Linux machine, which normally has ssh-keygen already. Here I use the machine that serves as the SSH server for ESXi. On that Linux machine, log in as the user you want to use when logging in from the ESXi server, say root, and run the ssh-keygen command. When prompted “Enter file in which to save the key (/root/.ssh/id_rsa)”, type in esx_id_rsa. For the rest of the questions, just press Enter. When it’s done, you will have two more files in the /root/.ssh/ directory: esx_id_rsa and esx_id_rsa.pub. The first is the private RSA key and the second is the public RSA key.

# ssh-keygen

Secondly, append the public key to the /root/.ssh/authorized_keys file as follows (don’t use > in place of >>, or you would lose the other authorized keys):

# cat esx_id_rsa.pub >> ./authorized_keys

Thirdly, send the private RSA key to the ESXi server. You can use scp from either side. The following is the command from the ESXi side. If you don’t have a /.ssh directory, create one with the mkdir command.

~ # mkdir /.ssh
~ # scp root@192.168.8.8:/root/.ssh/esx_id_rsa /.ssh/id_rsa

After that, you can use the ssh command to connect back to the SSH server:

~ # ssh 192.168.8.8

The first time, it asks whether you want to connect to the remote server and prints its thumbprint. You can skip this with additional command options, but you can also type yes and the remote server ID will be saved to /.ssh/known_hosts so you won’t be asked again later.

To simplify the process, we used the same Linux machine for key generation and as the SSH server. Now that you have the public key, you can send it to whatever remote SSH server you like and append (cat) it to ~/.ssh/authorized_keys there.

Can you do the same with ESXi as the SSH server? In other words, can you log in to ESXi from another machine without a password? Try it out yourself. It should be easier (hint: think about /.ssh/authorized_keys).
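A safer form of the append step, as an added example that is not from the original post: it keeps existing entries, skips a key that is already authorized, rejects a private key passed by mistake, and sets the permissions sshd expects. The function name add_authorized_key is hypothetical, and the script is meant for the Linux SSH server, not the ESXi shell.

```shell
#!/bin/sh
# Added example: idempotent, permission-safe replacement for
# `cat esx_id_rsa.pub >> authorized_keys` on the Linux SSH server.

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# returns 0 = key appended, 1 = rejected input, 2 = key already present
add_authorized_key() {
    pub=$1
    auth=$2

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key passed by mistake (esx_id_rsa vs esx_id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # Take the first non-empty line; it must start with a known key type.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd (StrictModes) ignores keys in group/world-writable locations.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"   # create only if missing; never truncate
    chmod 600 "$auth" || return 1

    # Already authorized: do not add a duplicate line.
    if grep -qxF -- "$key" "$auth"; then
        return 2
    fi

    # If the last line lacks a newline, add one so the new key does not
    # get glued onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Called as `add_authorized_key /root/.ssh/esx_id_rsa.pub /root/.ssh/authorized_keys`, it does the same job as the cat command above and can be re-run without duplicating the entry.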


3 Comments

  1. ato
    Posted November 22, 2013 at 7:10 pm | Permalink

    In ESXi authorized_keys file for root user is located in /etc/ssh/keys-root directory
    so the best way to add your own pub key to it is:

    cat "your-public-key-file" | ssh esxihost "cat - >> /etc/ssh/keys-root/authorized_keys"

    You can also set default user to root if you are logging to esxihost by adding:

    Host esxihost
    User root

    to your ssh config file – ~/.ssh/config so you can simply do:

    ssh esxihost

    -a

  2. Posted November 24, 2013 at 10:57 pm | Permalink

    Thanks a lot Ato!

    The script is very handy.

    Wish the same passwordless login is possible with vSphere API to ESXi.

    Steve

  3. Posted December 5, 2013 at 7:50 am | Permalink

    Just flew over my head, don’t understand what the queries are meant to do.


    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de facto open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.