The system must remove keys from the SSH authorized_keys file.

From VMware vSphere ESXi 6.0 Security Technical Implementation Guide

Part of SRG-OS-000480-VMM-002000

Associated with: CCI-000366

SV-77717r1_rule The system must remove keys from the SSH authorized_keys file.

Vulnerability discussion

ESXi hosts come with SSH, which can be enabled to allow remote access without requiring user authentication. To enable password-free access, copy the remote user's public key into the "/etc/ssh/keys-root/authorized_keys" file on the ESXi host. The presence of the remote user's public key in the "authorized_keys" file identifies the user as trusted, meaning the user is granted access to the host without providing a password. If using Lockdown Mode and SSH is disabled, then login with authorized keys will have the same restrictions as username/password.

Check content

Log in to the host and verify the /etc/ssh/keys-root/authorized_keys file does not exist or is empty (zero bytes):

# ls -la /etc/ssh/keys-root/authorized_keys

or

# cat /etc/ssh/keys-root/authorized_keys

If the authorized_keys file exists and is not empty, this is a finding.
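The check above as a POSIX shell function, with a helper that lists each entry's key type and comment (never the key material) so trusted users can be recorded before the file is cleared. This is an added example, not part of the STIG; the function names are hypothetical and it assumes grep and awk are available in the shell where it runs.

```shell
#!/bin/sh
# Added example: audit the ESXi root authorized_keys file.
# The default path is the one named in the STIG check; pass another path as $1.
KEYFILE_DEFAULT="/etc/ssh/keys-root/authorized_keys"

# Prints one status line. Returns 0 = not a finding, 1 = finding.
check_authorized_keys() {
    keyfile="${1:-$KEYFILE_DEFAULT}"
    if [ ! -e "$keyfile" ]; then
        echo "NOT_A_FINDING: $keyfile does not exist"
        return 0
    fi
    if [ ! -s "$keyfile" ]; then
        echo "NOT_A_FINDING: $keyfile is empty (zero bytes)"
        return 0
    fi
    # Any non-zero size is a finding, even a file holding only comments or
    # blank lines, because the check requires zero bytes. The entry count is
    # reported for context only.
    entries=$(grep -c -v -E '^[[:space:]]*(#|$)' "$keyfile" || true)
    echo "FINDING: $keyfile is not empty; key entries: $entries"
    return 1
}

# Prints "<key type> <comment>" for each entry, skipping comments and blanks.
# Leading options (from=, command=, ...) are stepped over by locating the
# first field that looks like a key type.
list_key_entries() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                comment = ""
                for (j = i + 2; j <= NF; j++)
                    comment = comment (j > i + 2 ? " " : "") $j
                print $i, (comment == "" ? "(no comment)" : comment)
                break
            }
    }' "${1:-$KEYFILE_DEFAULT}"
}
```

On the host, call `check_authorized_keys` with no argument to test the default path; its exit status can drive a compliance report.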

Fix text

As root, log in to the host and zero or remove the /etc/ssh/keys-root/authorized_keys file:

# >/etc/ssh/keys-root/authorized_keys

or

# rm /etc/ssh/keys-root/authorized_keys
