SSH Key based authentication for vCenter using Openssh

How SSH Keys work?

An SSH server has the capability to verify the identity of clients through various methods. The most basic among these is password authentication, which, while convenient, falls short in terms of security.

Despite the secure transmission of passwords to the server, they often lack the complexity and length needed to withstand persistent attacks. Modern computational power, coupled with automated scripts, renders brute-forcing a password-protected account quite feasible. While additional security measures such as fail2ban exist, SSH keys emerge as a dependable and secure alternative.

SSH key pairs comprise two cryptographically secure keys employed for client authentication on an SSH server—namely, a public key and a private key.

The private key, held exclusively by the client, must remain highly confidential. Compromising the private key grants an attacker unauthorized access to servers configured with the corresponding public key, bypassing additional authentication. For added security, the private key can be encrypted on disk with a passphrase.

In contrast, the associated public key can be freely shared without adverse consequences. This public key facilitates the encryption of messages that only the private key can decipher, serving as the foundation for authentication using the key pair.

To enable SSH access to a remote server, the public key is uploaded to the server and added to a specific file within the user account, typically located at ~/.ssh/authorized_keys.

During an SSH key-based authentication attempt, the server assesses whether the client possesses the private key. Successful verification results in the initiation of a shell session or the execution of the requested command.

Step 1: Create SSH Keys

Start by generating an SSH key pair

ssh-keygen -t ed25519

Step 2: Copy the contents of the key pair

cat C:\Users\xxxxxx/.ssh/id_ed25519.pub

Step 3: Paste the contents in vCenter

Take an SSH to vCenter and edit the authrized_keys file and paste the contents of id_ed25519.pub

vi .ssh/authorized_keys

Also, the key based authentication would work only on Bash shell and not on the default appliancesh shell of vCenter. So make sure to change the default shell of the use

chsh -s /bin/bash root

Now, we can test if the authentication works.

ssh root@<IP_FQDN_vCenter>

Yes! OpenSSH was able to successfully login to vCenter using SSH Key and not by password.