SSH Public Key is removed from ESXi

  • 2 March 2017
  • 4 replies
  • 1854 views

Badge +1
Hi,we are running 20 Nutanix Nodes with AOS 5.0.1 and ESXi 6.0 as hypervisor. Normally we using passwordless login to the ESXi host using SSH Keys. So we copy our public key as usual to /etc/ssh/keys-%u/authorized_keys, but after a reboot of the ESXi Host our keys are removed.So I modified the sshd_config on the ESXi host to use multiple authorized_keys- AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys+ AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys /etc/ssh/keys-%u/authorized_keys2But even with this config, the authorized_keys2 is also deleted.Can anyone assist me to solve this issue in case of our internal security guidline to use passwordless login.Best regardsMarkus

This topic has been closed for comments

4 replies

Userlevel 1
Badge +6
Hi Markus,

maybe this will help you?

http://cormachogan.com/2016/04/13/ssh-esxi-hosts-without-providing-password/

The key is persistent storage so the nutanix nfs datastores?

Best regards,
Thomas
Badge +1
I don't know if this will help me.

[root@esxi-hp-06:~] chmod +t /etc/ssh/keys-root/authorized_keysThis will be a step that will help, but I think the CVM will overwrite this file from time to time.
Userlevel 6
Badge +29
http://next.nutanix.com/t5/Scripts/CVM-restart-clearing-authorized-hosts-from-SSH-file/m-p/17549/highlight/true#M225 perhaps?
Badge +1
I think the mistake I made, was that I added the key manually to the ESXi Host as I did it in the past with our other VMware ESXi Host. But with the Nutanix Nodes I need to add the Key within the Prism Console using the Cluster Lockdown Feature.
I will test this and will report about it soon.