Details

http://pubs.vmware.com/vsphere-51/topic/com.vmware.vsphere.security.doc/GUID-12E27BF3-3769-4665-8769-DA76C2BC9FFE.html

Solution

Perform the following-1. From the vSphere web client select the host.
2. Select ‘Manage’ -> ‘Security Profile’.
3. Scroll down to ‘Services’.
4. Click ‘Edit…’.
5. Select ‘SSH’.
6. Click ‘Stop’.
7. Change the Startup Policy ‘to Start and Stop Manually’.Additionally, the following PowerCLI command will implement the recommended
configuration state-# Set SSH to start manually rather than automatic for all hosts
Get-VMHost | Get-VMHostService | Where { $_.key -eq ‘TSM-SSH’ } | Set-VMHostService – Policy Off

Default Value-The prescribed state is the default state.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/902

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-7b.

Source

• Tenable.com/audits