Using SSH Public Key Authentication with vMA

If you are using the vSphere Management Assistant (vMA) on a daily bases you might want to simplify the login process. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables the login without entering a password.

What do you need?

  • PuTTY (The well known SSH Client)
  • PuTTYgen (To genereate your SSH Key)
  • Pagent (The SSH authenticatien Agent, required for key authentication)

All programs are free and available for download here.

Generate your SSH key pair
If you already have your own SSH Key, you can skip this step.

1. Open PuTTYgen
2. Click "Generate"
3. Move the mouse to generate random data. The result should look like this:
sshkey_1

4. Click "Save public key" and choose a path
5. Click "Save private key" and choose a path. If you want to use this key for production you should set a passphrase at this point!

Enable the SSH authenticatien Agent
1. Start Pagent
2. Doubleclick the Pagent Trayicon
3. Click "Add Key" and open your private key file (.ppk)sshkey_2

Transfer your private key to the vMA Appliance
1. Connect to the vMA using PuTTY
2. Login with the vi-admin user
3. Create the required files for the authorized keys. You should be familiar with vi to create and edit the keyfile. The key you have to copy is the string created with PuTTYgen, starting with "ssh-rsa".

vi-admin@vma:~> mkdir .ssh
vi-admin@vma:~>vi .ssh/authorized_keys

4. Press i to enter "Insert Mode"
5. Copy your public key and paste it into vi (right click)
6. Press <ESC> :wq <ENTER> to save and quit vi

sshkey_3

Activate the SSH Server for key authentication
1. To activate key authentication you have to uncomment the following 2 lines in /etc/ssh/sshd_config:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

2. You need root privileges so you have to use sudo (requires to enter your password again). To uncomment the lines using vi just move the cursor to the line (should be line 47+48) and press x

vi-admin@vma:~> sudo vi /etc/ssh/sshd_config

sshkey_4

3. Press :wq <ENTER> to save and quit vi
4. Restart the ssh daemon

vi-admin@vma:~> sudo /etc/init.d/sshd restart


Done!

Now you should be able to login without entering a password. If it does not work after a reboot, make sure that Pagent is running and your keyfile is loaded.

If the authentication still does not work, examine the /var/log/messages file for error messages:

vi-admin@vma:~> tail -f /var/log/messages |grep sshd
  1. VCSA6 Bash and SSH Key Activation | Virten.net - pingback on October 9, 2015 at 11:06 pm

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Trackbacks and Pingbacks: