If you are using the vSphere Management Assistant (vMA) on a daily bases you might want to simplify the login process. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables the login without entering a password.
What do you need?
- PuTTY (The well known SSH Client)
- PuTTYgen (To genereate your SSH Key)
- Pagent (The SSH authenticatien Agent, required for key authentication)
All programs are free and available for download here.
Generate your SSH key pair
If you already have your own SSH Key, you can skip this step.
1. Open PuTTYgen
2. Click "Generate"
3. Move the mouse to generate random data. The result should look like this:
4. Click "Save public key" and choose a path
5. Click "Save private key" and choose a path. If you want to use this key for production you should set a passphrase at this point!
Enable the SSH authenticatien Agent
1. Start Pagent
2. Doubleclick the Pagent Trayicon
3. Click "Add Key" and open your private key file (.ppk)
Transfer your private key to the vMA Appliance
1. Connect to the vMA using PuTTY
2. Login with the vi-admin user
3. Create the required files for the authorized keys. You should be familiar with vi to create and edit the keyfile. The key you have to copy is the string created with PuTTYgen, starting with "ssh-rsa".
vi-admin@vma:~> mkdir .ssh vi-admin@vma:~>vi .ssh/authorized_keys
4. Press i to enter "Insert Mode"
5. Copy your public key and paste it into vi (right click)
6. Press <ESC> :wq <ENTER> to save and quit vi
Activate the SSH Server for key authentication
1. To activate key authentication you have to uncomment the following 2 lines in /etc/ssh/sshd_config:
2. You need root privileges so you have to use sudo (requires to enter your password again). To uncomment the lines using vi just move the cursor to the line (should be line 47+48) and press x
vi-admin@vma:~> sudo vi /etc/ssh/sshd_config
3. Press :wq <ENTER> to save and quit vi
4. Restart the ssh daemon
vi-admin@vma:~> sudo /etc/init.d/sshd restart
Now you should be able to login without entering a password. If it does not work after a reboot, make sure that Pagent is running and your keyfile is loaded.
If the authentication still does not work, examine the /var/log/messages file for error messages:
vi-admin@vma:~> tail -f /var/log/messages |grep sshd