{
	"id": "fcdca0ee-f8ed-43ed-992b-06d088d3f993",
	"created_at": "2026-04-06T00:12:46.595495Z",
	"updated_at": "2026-04-10T03:20:05.321443Z",
	"deleted_at": null,
	"sha1_hash": "9acfaba985e549590cc5b0f25187dfd77809a166",
	"title": "Allowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 105232,
	"plain_text": "Allowing SSH access to VMware vSphere ESXi/ESX hosts with\r\npublic/private key authentication\r\nArchived: 2026-04-05 13:22:09 UTC\r\nAllowing SSH access to VMware vSphere ESXi/ESX hosts with public/private key authentication\r\ncalendar_today\r\nUpdated On: 10-05-2025\r\nProducts\r\nVMware vSphere ESXi\r\nIssue/Introduction\r\nThis article provides steps to allow SSH access to VMware vSphere ESXi/ESX hosts with public/private key\r\nauthentication rather than with username/password authentication.\r\nEnvironment\r\nVMware vSphere ESXi 8.0\r\nVMware vSphere ESXi 7.0\r\nResolution\r\nNote: VMware vSphere ESXi does not support preserving SSH-Keys for Active Directory users.\r\nTo allow SSH access to ESXi or ESX hosts with public/private key authentication:\r\n1. Generate public/private keys on ESXi by running the below command: \r\n/ usr / lib / vmware / openssh / bin / ssh - keygen - t rsa -b 4096\r\nExample:\r\nhttps://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html\r\nPage 1 of 3\n\nFor more information, see the OpenBSD Reference Manual section in the OpenBSD\r\n2. The above command will generate two files, private and a public key in the specified location. Example:\r\nPrivate Key : key_file_name\r\nPublic Key: key_file_name.pub\r\n3. On the ESXi host, store the public key content in /etc/ssh/keys-root/authorized_keys.\r\n(e.g. cat key_file_name . pub \u003e\u003e authorized_keys)\r\nNotes: \r\nThe above step will store the public key for the root user.\r\nMore than one key can be stored in this file.\r\n \r\n4. Ensure the PermitRootLogin parameter is set to yes in /etc/ssh/sshd_config. \r\nNote: (optional) To disable password logins via SSH to ESXi host, change\r\nChallengeResponseAuthentication and PasswordAuthentication to no in /etc/ssh/sshd_config.\r\nIn ESXi version 8.0.1 and later, the PasswordAuthentication option is no longer configurable. To achieve\r\nequivalent functionality, set the ChallengeResponseAuthentication parameters to yes\r\nesxcli system ssh server config set -k challengeresponseauthentication -v yes\r\nNote: No need to restart the SSH service for the above esxcli command.\r\n5. Reload the SSH service:\r\nhttps://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html\r\nPage 2 of 3\n\nFor ESXi, run the command:\r\n/ etc / init . d / SSH restart\r\nTo login from a linux machine(could be ESXi or vCenter appliance):\r\n1. Copy the private key to the linux machine.\r\n2. Browse to the path where the private key resides.\r\n3. Change the permission on the private key file using the command: chmod 600 \u003cprivate_key_file\u003e\r\n4. Run the below command:\r\nssh -i \u003c private_key_file \u003e - l root \u003c esxi_hostname \u003e\r\nAdditional Information\r\nFeedback\r\nWas this article helpful?\r\nthumb_up Yes\r\nthumb_down No\r\nSource: https://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html\r\nhttps://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://knowledge.broadcom.com/external/article/313767/allowing-ssh-access-to-vmware-vsphere-es.html"
	],
	"report_names": [
		"allowing-ssh-access-to-vmware-vsphere-es.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434366,
	"ts_updated_at": 1775791205,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9acfaba985e549590cc5b0f25187dfd77809a166.pdf",
		"text": "https://archive.orkl.eu/9acfaba985e549590cc5b0f25187dfd77809a166.txt",
		"img": "https://archive.orkl.eu/9acfaba985e549590cc5b0f25187dfd77809a166.jpg"
	}
}