SSH keys can restrict, control, and secure access to an ESXi host. An SSH key can allow a trusted user or script to log in to a host without specifying a password.

You can copy the SSH key to the host by using the vifs vSphere CLI command. See Getting Started with vSphere Command-Line Interfaces for information on installing and using the vSphere CLI command set. You can also use HTTPS PUT to copy the SSK key to the host.

Instead of generating the keys externally and uploading them, you can create the keys on the ESXi host and download them. See VMware Knowledge Base article 1002866.

Enabling SSH and adding SSH keys to the host has inherent risks. Weigh the potential risk of exposing a user name and password against the risk of intrusion by a user who has a trusted key.

Note: For ESXi 5.0 and earlier, a user with an SSH key can access the host even when the host is in lockdown mode. Starting with ESXi 5.1, a user with an SSH key can no longer access a host that is in lockdown mode.