NOTE: If everything went fine you will never be asked to provide the root password and can now execute batch commands via cron
Reboot and get the message file out of an ESXi box trying from another place scp -i id_rsa. Now put all the /.ssh stuff inside the oem.tgz
#HOW TO USE DROPBEAR SSH HOW TO#
In case you need it elsewhere and forgot how to build it again You can also copy the the id_dsa.pub and id_dsa.ssh to the same place and create an id_dsa.ppk fileĬopy the newly created id_rsa.ppk and id_dsa.ppk key to your ESXi box under /.ssh If you plan to use PuTTY as I do always, copy the id_rsa.pub and id_rsa.ssh to a PuTTY environment, rename id_rsa.ssh to Id_rsa and use puttygen to create an id_rsa.ppk (Putty Private Key) file NOTE: Please check that ALL private keys MUST have chmod 600 otherwise every SSH server refuse to use it, because other chmod are INSECURE! *id_rsa.ssh to id_rsa and id_dsa.ssh to id_dsa and you can use the same RSA/DSA keys everywhere:-)# *Ĭopy the RSA public key to authorized_keys with cat id_rsa.pub > authorized_keysĪppend the DSA public key to authorized_keys with cat id_dsa.pub > authorized_keys NOTE: This are your private SSH-Keys the public key remains the same.In other Linux/Windows Environment copy Now convert the DSA dropbearkey to SSH format by executing /bin/dropbearconvert dropbear openssh id_dsa id_dsa.ssh. Now convert the RSA dropbearkey to SSH format by executing /bin/dropbearconvert dropbear openssh id_rsa id_rsa.ssh. Make a copy of your DSA private dropbear key by executing cp id_dsa id_dsa.db Make a copy of your RSA private dropbear key by executing cp id_rsa id_rsa.db NOTE: Do not change anything else, only one line beginning with ssh-rsa or ssh-dss must exist. Open the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub file and delete the first and last line with your favorite editor. Login as root into a fresh booted ESXi box.Ĭreate an hidden directory called /.ssh with mkdir /.sshĬreate the RSA dropbear key by executing /bin/dropbearkey -t rsa -f id_rsa -s 768 > id_rsa.pubĬreate the DSA dropbear key by executing /bin/dropbearkey -t dss -f id_dsa -s 1024 > id_dsa.pub Keep your keys expecially the private one secure by placing it inside encrypted filesystems or limit the usage by chmod 600 for user root. If you need more security restrictions you can put at the end of the ssh row a -g allowing root only to login using the identity file, not interactive anymore! You must have set for security reasons a root password anywayĭo not enable lockdown mode, otherwise you can only login via the DCUI. (Look here in this community forum for detailed explanation) You must have enabled the SSH server to login into the ESXi box. You need advice for creating non-root SSH keys inside an ESXi box, come back to me. I gonna try to explain the simpler way (root SSH-Keys), if The later task tends to be tedious but not impossible. Then creating the root keys is simpler, than creating the SSH-keys for other non-root First of all I discovered that the minimum keysize between SSH and dropbear keys are 768 BITS! Keep this
0 kommentar(er)
