Guideline ID : ESXi.remove-authorized-keys
Vulnerability Discussion : ESXi hosts come with SSH, which can be enabled to allow remote access without requiring user authentication. To enable password-free access, copy the remote user’s public key into the “/etc/ssh/keys-root/authorized_keys” file on the ESXi host. The presence of the remote user’s public key in the “authorized_keys” file identifies the user as trusted, meaning the user is granted access to the host without providing a password. If Lockdown Mode is in use and SSH is disabled, login with authorized keys has the same restrictions as username/password. This is a change enacted in 5.1 that was not previously documented correctly.
Risk Profile : 1, 2, 3
Description : Disable Authorized (SSH) Keys
- For day-to-day operations, disable SSH on ESXi hosts.
- If SSH is enabled, even temporarily, monitor the contents of the /etc/ssh/keys-root/authorized_keys file to ensure that no users are allowed to access the host without proper authentication.
- Monitor the /etc/ssh/keys-root/authorized_keys file to verify that it is empty and no SSH keys have been added to the file.
- If you find that the /etc/ssh/keys-root/authorized_keys file is not empty, remove any keys.
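
The monitoring steps above can be scripted. The following is an added example, not part of the original guideline: a POSIX shell check that lists each entry in the file by line number, key type and comment (without printing key material) and returns non-zero when the file is not empty. The function names, the `--check` switch and the sample entries are hypothetical, and it assumes `awk` is available in the shell where it runs.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file against ESXi.remove-authorized-keys.
KEYFILE="${KEYFILE:-/etc/ssh/keys-root/authorized_keys}"   # path from the guideline

# list_keys FILE: print "line N: <type> <comment>" for every entry.
# Blank lines and '#' comment lines are not entries. Key material is never printed.
list_keys() {
    [ -f "$1" ] || return 0                  # a missing file holds no keys
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            type = "unrecognized"; comment = ""
            # An entry may start with options (from="...", command="..."),
            # so scan for the first field that looks like a key type.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    type = $i
                    for (j = i + 2; j <= NF; j++)
                        comment = comment (comment == "" ? "" : " ") $j
                    break
                }
            printf "line %d: %s %s\n", NR, type, (comment == "" ? "(no comment)" : comment)
        }' "$1"
}

# count_keys FILE: number of entries found by list_keys.
count_keys() { list_keys "$1" | wc -l | tr -d ' '; }

# audit_keys FILE: return 0 when the file holds no entries, 1 otherwise.
audit_keys() {
    n=$(count_keys "$1")
    if [ "$n" -eq 0 ]; then echo "OK: $1 contains no keys"; return 0; fi
    echo "FINDING: $1 contains $n key entries:"
    list_keys "$1"
    return 1
}

# make_sample FILE: write a constructed sample (not real keys) for offline testing.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not real keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexample admin@jumpbox

from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAAexample backup job
EOF
}

# Stand-alone use: sh audit_keys.sh --check
if [ "${1:-}" = "--check" ]; then audit_keys "$KEYFILE"; fi
```

Entries reported as `unrecognized` still count as a finding, because the guideline expects the file to be empty.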