From VMware ESXi Server 5.0 Security Technical Implementation Guide
Part of SRG-OS-99999-ESXI5
Associated with: CCI-000366
The ESXi Shell is an interactive command line interface (CLI) available at the ESXi server console. The ESXi shell provides temporary access to commands essential for server maintenance. Intended primarily for use in break-fix scenarios, the ESXi shell is well suited for checking and modifying configuration details, not always generally accessible, using the vSphere Client. The ESXi shell is accessible remotely using SSH. Under normal operating conditions, SSH access to the host must be disabled. As with the ESXi shell, SSH is also intended only for temporary use during break-fix scenarios. SSH must therefore be disabled under normal operating conditions and must only be enabled for diagnostics or troubleshooting. Remote access to the host must therefore be limited to the vSphere Client at all other times.
From the vSphere client, select the ESXi host, go to "Configuration >> Security Profile". In the "Services" section select "Properties". Verify 'SSH' is stopped. If the SSH service is running, this is a finding.
From the vSphere client, select the ESXi host, go to "Configuration >> Security Profile". In the "Services" section select "Properties". Select "SSH", "Options..." and configure the 'SSH' option to "Start and stop manually".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer