December 9, 2023
SSH Key based authentication for vCenter using OpenSSH
How do SSH keys work?
An SSH server has the capability to verify the identity of clients through various methods. The most basic among these is password authentication, which, while convenient, falls short in terms of security.
Despite the secure transmission of passwords to the server, they often lack the complexity and length needed to withstand persistent attacks. Modern computational power, coupled with automated scripts, renders brute-forcing a password-protected account quite feasible. While additional security measures such as fail2ban exist, SSH keys emerge as a dependable and secure alternative.
SSH key pairs comprise two cryptographically secure keys employed for client authentication on an SSH server—namely, a public key and a private key.
The private key, held exclusively by the client, must remain highly confidential. Compromising the private key grants an attacker unauthorized access to servers configured with the corresponding public key, bypassing additional authentication. For added security, the private key can be encrypted on disk with a passphrase.
In contrast, the associated public key can be freely shared without adverse consequences. This public key facilitates the encryption of messages that only the private key can decipher, serving as the foundation for authentication using the key pair.
To enable SSH access to a remote server, the public key is uploaded to the server and added to a specific file within the user account, typically located at ~/.ssh/authorized_keys.
During an SSH key-based authentication attempt, the server assesses whether the client possesses the private key. Successful verification results in the initiation of a shell session or the execution of the requested command.
Step 1: Create SSH Keys
Start by generating an SSH key pair:
ssh-keygen -t ed25519
Step 2: Copy the contents of the public key
cat C:\Users\xxxxxx\.ssh\id_ed25519.pub
Step 3: Paste the contents in vCenter
SSH to vCenter, edit the authorized_keys file, and paste in the contents of id_ed25519.pub.
vi .ssh/authorized_keys
Also, key-based authentication works only with the Bash shell and not with vCenter's default appliancesh shell, so make sure to change the default shell of the user:
chsh -s /bin/bash root
Now, we can test if the authentication works.
ssh root@<IP_FQDN_vCenter>
Yes! OpenSSH was able to log in to vCenter successfully using the SSH key and not a password.
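A scripted form of Step 3, as an added example that is not part of the original post: it validates the public key file, tightens the permissions that sshd checks, and appends the key only once. The function name install_pubkey and the path in the usage comment are hypothetical, and it assumes the .pub file has already been copied to the appliance.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper: it appends a public key to authorized_keys once, with safe permissions.
install_pubkey() {
    pubfile=$1                    # public key file copied from the client
    sshdir=${2:-"$HOME/.ssh"}     # assumption: defaults to the login user's ~/.ssh
    authfile="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # Never place a private key on the server.
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "refusing: $pubfile looks like a private key" >&2
        return 2
    fi

    # A public key is exactly one line: "<type> <base64> [comment]".
    # A key that wrapped onto several lines during a paste fails here.
    if [ "$(grep -c . "$pubfile")" -ne 1 ]; then
        echo "refusing: expected exactly one key line" >&2
        return 3
    fi
    keyline=$(grep . "$pubfile")
    case "$keyline" in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: unrecognised key format" >&2; return 4 ;;
    esac

    # sshd's StrictModes (on by default) checks modes and ownership of these
    # files, so keep them private to the owner.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Match on the base64 blob so a different comment does not add a duplicate.
    blob=$(printf '%s\n' "$keyline" | awk '{print $2}')
    if grep -qF -- "$blob" "$authfile"; then
        echo "key already present in $authfile"
        return 0
    fi
    # Make sure the existing file ends with a newline before appending.
    [ -z "$(tail -c 1 "$authfile")" ] || echo >> "$authfile"
    printf '%s\n' "$keyline" >> "$authfile"
    echo "key added to $authfile"
}

# Usage on the appliance, after copying the .pub file over (path is a placeholder):
#   install_pubkey /tmp/id_ed25519.pub
```

Comparing the output of `ssh-keygen -lf` on the client's .pub file and on the server's authorized_keys confirms that the installed key has the same fingerprint.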