ESXI-65-000029 - The ESXi host must remove keys from the SSH authorized_keys file.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication. To enable password free access copy the remote users public key into the '/etc/ssh/keys-root/authorized_keys' file on the ESXi host. The presence of the remote user's public key in the 'authorized_keys' file identifies the user as trusted, meaning the user is granted access to the host without providing a password. If using Lockdown Mode and SSH is disabled then login with authorized keys will have the same restrictions as username/password.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, zero or remove the /etc/ssh/keys-root/authorized_keys file:

# >/etc/ssh/keys-root/authorized_keys

or

# rm /etc/ssh/keys-root/authorized_keys

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|II, CCI|CCI-000366, Rule-ID|SV-207630r388482_rule, STIG-ID|ESXI-65-000029, STIG-Legacy|SV-104091, STIG-Legacy|V-94005, Vuln-ID|V-207630

Plugin: Unix

Control ID: f8aef59883969ba202bb04d9df6515e54be598fb5ce15ef6ba6a55b16fd108b0