You can use SSH keys to restrict, control, and secure access to an ESXi host. By using an SSH key, you can allow trusted users or scripts to log in to a host without specifying a password.

You can copy the SSH key to the host by using the vifs vSphere CLI command. See Getting Started with vSphere Command-Line Interfaces for information on installing and using the vSphere CLI command set. It is also possible to use HTTPS PUT to copy the SSK key to the host.

Instead of generating the keys externally and uploading them, you can create the keys on the ESXi host and download them. See VMware Knowledge Base article 1002866.

Enabling SSH and adding SSH keys to the host has inherent risks and is not recommended in a hardened environment. See Disable Authorized (SSH) Keys.


For ESXi 5.0 and earlier, a user with an SSH key can access the host even when the host is in lockdown mode. This is fixed in ESXi 5.1.

You can use SSH to remotely log in to the ESXi Shell and perform troubleshooting tasks for the host.

If you decide you want to use authorized keys to log in to a host with SSH, you can upload authorized keys with a vifs command.

You can use authorized keys to log in to a host with SSH. You can upload authorized keys with HTTPS PUT.