A Sysadmins blog

I once was 404, but now am 200.

SSH Access as root to your ESX 3.5 Server

Lately I have been playing with ESX 3.5 and ESXi, getting ready for a deployment at $work. Below is a tip for people who want access to the root account using SSH keys.

As described in RTFM Education’s ESX guide, it is possible to allow the root user SSH/SCP/SFTP access to your ESX 3.5 server:

Disabling Auditing on ROOT (Not Recommended)
Note:
• Some applications do not support levitation to a higher plain – for example
WinSCP. Sure you could use WinSCP to gain access as an ordinary user,
but then you might lack permission to copy the files you need. If you try
to logon as root, WinSCP will give you access denied.
• If you wish to disable the restriction on ROOT not being allowed direct
access using SSH then carry out the following task. I wouldn’t recommend
doing this as you will lose enforcement of your audit trail.
1. nano -w /etc/ssh/sshd_config
2. Locate: PermitRootLogin no
3. Place a # in front of PermitRootLogin no like so: #PermitRootLogin no
4. Exit Nano & Save the file
5. Restart sshd with service sshd restart

You just need to modify the SSH daemon configuration. The step described above leaves your root account open to logins with a password. On today’s internet this is less than a great idea.

Personally, I like console logins as root to some servers using SSH keys. To enable root logins that allow SSH keys but disallow passwords, edit your /etc/ssh/sshd_config as follows:

1. Change the line reading “PermitRootLogin no” to “PermitRootLogin without-password”.

2. Add the line “PermitEmptyPasswords no” underneath.

3. Save and exit.

4. Restart SSHD with “service sshd restart”.

Now you will need to place your SSH public key in the file “/root/.ssh/authorized_keys”.

For further security you can restrict which hosts the key can log in from. This is done by placing the option from="hostname.domain.com" (double quotes included), followed by a space, in front of the public key. It must all be on one line.

Now you can use your SSH key to authenticate as the root user.

This guide assumes you have another user that has SSH access and can “su” to root on the ESX host. There is plenty of information on Google on how to do that already. It also assumes you have an SSH keypair or can figure out how to generate one.
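
To confirm the result of the steps above, the following added example (not part of the original post or the RTFM guide) audits an sshd_config and an authorized_keys file. The function names, the constructed demo files and the placeholder key blobs are assumptions made for illustration; Match blocks and the Keyword=value form are not handled.

```shell
#!/bin/sh
# Added example: audit the two files this post edits. Pass paths as arguments.

# Effective value of an sshd_config keyword: sshd takes the first uncommented
# occurrence and keywords are case-insensitive. Match blocks are not handled.
sshd_effective() {  # usage: sshd_effective KEYWORD FILE
    awk -v kw="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$2"
}

# Succeeds only when root is limited to key logins, as the post configures.
# Assumption: an unset PermitRootLogin is treated as a failure because older
# OpenSSH releases default it to "yes" (the commented-out line in the guide).
check_root_login() {  # usage: check_root_login SSHD_CONFIG
    prl=$(sshd_effective PermitRootLogin "$1")
    pep=$(sshd_effective PermitEmptyPasswords "$1")
    case "$prl" in
        without-password|prohibit-password) ;;   # second is the newer OpenSSH name
        *) echo "FAIL: PermitRootLogin is $prl"; return 1 ;;
    esac
    if [ "$pep" = "yes" ]; then
        echo "FAIL: PermitEmptyPasswords is yes"; return 1
    fi
    echo "OK: root login is key-only"
}

# Number of keys in an authorized_keys file with no from="..." restriction.
count_unrestricted_keys() {  # usage: count_unrestricted_keys AUTHORIZED_KEYS
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = " " $0
            # Drop key type, key blob and comment; what remains is the options.
            sub(/[ \t](ssh-|ecdsa-)[^ \t]*[ \t].*$/, "", line)
            if (line !~ /[ ,]from="[^"]+"/) n++
        }
        END { print n + 0 }' "$1"
}

# Demo on constructed files (the key blobs are placeholders, not real keys).
demo=$(mktemp -d)
printf '%s\n' 'PermitRootLogin without-password' 'PermitEmptyPasswords no' > "$demo/sshd_config"
printf '%s\n' 'from="hostname.domain.com" ssh-rsa AAAAPLACEHOLDER admin@example' \
              'ssh-rsa AAAAPLACEHOLDER other@example' > "$demo/authorized_keys"
check_root_login "$demo/sshd_config"
echo "keys without from=: $(count_unrestricted_keys "$demo/authorized_keys")"
rm -rf "$demo"
```

Run it against copies of /etc/ssh/sshd_config and /root/.ssh/authorized_keys before restarting sshd, and keep the existing session open until a new key-based login has been confirmed.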

Written by pdeaudney

November 7th, 2008 at 7:04 pm

Posted in linux,systems administration,VMware