| Guideline ID : ESXi.remove-authorized-keys Vulnerability Discussion : ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication. To enable password free access copy the remote users public key into the "/etc/ssh/keys-root/authorized_keys" file on the ESXi host. The presence of the remote user's public key in the "authorized_keys" file identifies the user as trusted, meaning the user is granted access to the host without providing a password. If using Lockdown Mode and SSH is disabled then login with authorized keys will have the same restrictions as username/password. This is a change enacted in 5.1 … Read The Rest ......
via Latest imported feed items on VMware Blogs https://ift.tt/2IJJ4s4 |  |
Comments
Post a Comment