Details

http://pubs.vmware.com/vsphere-51/topic/com.vmware.vsphere.security.doc/GUID-392ADDE9-FD3B-49A2-BF64-4ACBB60EB149.html

Solution

To check for SSH keys added to the authorized_keys file-1. Logon to the ESXi shell as root or an authorized admin user.
2. Verify the contents of the /etc/ssh/keys-root/authorized_keys file.
3. If the file is not empty remove any keys found in the file.

Impact-Disabling the SSH authorized_keys access may limit your ability to run unattended remote
scripts.

Default Value-The prescribed state is the default state.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/902

This control applies to the following type of system VMware.

Source

• Tenable.com/audits