Looking into this, its a little funny - you can SSH into ESXi, but not out. Dropbear has the ability to create a valid keypair, but theres no actual ssh binary in ESXi. However, you can make it happen.
1) "Create" an ssh symlink to dropbear:
ln -s /sbin/dropbearmulti /bin/ssh
This works because dropbearmulti is a multicall binary, which allows it to change behavior depending on how you execute it.
2) Create a keypair:
dropbearkey -t dss -f privatekeyfile -s 1024
Why 1024? Because thats the only keylength supported by DSS keys!. You'll end up with a file in the current directory called 'privatekeyfile' and the system will output a public key in SSH format on the screen:
~ # dropbearkey -t dss -f private -s 1024 Will output 1024 bit dss secret key to 'private' Generating key, this may take a while... Public key portion is: ssh-dss AAAAB3NzaC1kc3MAAACBAJbXscSKNxkxs3NYfMgMLs8tsh3iio9vFN3fzq8/5HrsgcGK3gHc+SQlLmhtP...hostname.domain
Copy all the lines of this starting from "ssh-dss" through to the end of "hostname.domain" to your clipboard.
3) Add this copied public key to your Linux host in the right location - usually ~/.ssh/authorized_keys:
linuxhost% cat .ssh/authorized_keys ssh-dss AAAAB3NzaC1kc3MAAACBANPYWCXvqAVK95Xa0qM1rUPM7h2CWB85d2Qk3paYsRU6x....
4) Now use the private key to make sure that it works from ESXi:
~ # ssh -i privatekeyfile email@example.com Last login: Tue Apr 12 15:01:15 2011 from domain.lan [user@host] (Linux 2.6.18-194.26.1.el5)%
Life is good!