Details

ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication. To enable password free access copy the remote users public key into the ‘/etc/ssh/keys-root/authorized_keys’ file on the ESXi host. The presence of the remote user’s public key in the ‘authorized_keys’ file identifies the user as trusted, meaning the user is granted access to the host without providing a password. If using Lockdown Mode and SSH is disabled then login with authorized keys will have the same restrictions as username/password.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, zero or remove the /etc/ssh/keys-root/authorized_keys file:

# >/etc/ssh/keys-root/authorized_keys

or

# rm /etc/ssh/keys-root/authorized_keys

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.ziphttps://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• Rule-ID|SV-207630r388482_rule
• STIG-ID|ESXI-65-000029
• STIG-Legacy|SV-104091
• STIG-Legacy|V-94005
• Vuln-ID|V-207630

Source

• Tenable.com/audits