vSphere Hardening – G4 : Disable Authorized (SSH) Keys

Guideline ID : ESXi.remove-authorized-keys

Vulnerability Discussion : ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication.  To enable password free access copy the remote users public key into the "/etc/ssh/keys-root/authorized_keys" file on the ESXi host.  The presence of the remote user's public key in the "authorized_keys" file identifies the user as trusted, meaning the user is granted access to the host without providing a password.  If using Lockdown Mode and SSH is disabled then login with authorized keys will have the same restrictions as username/password. This is a change enacted in 5.1 … Read The Rest ......



via Latest imported feed items on VMware Blogs https://ift.tt/2IJJ4s4
RSS Feed

If New feed item from https://blogs.vmware.com/feed, then send me an email at kr

IFTTT

Comments

Popular posts from this blog

Evernote cuts staff as user growth stalls

The best air conditioner

We won't see a 'universal' vape oil cartridge anytime soon