UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must remove keys from the SSH authorized_keys file.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63227 ESXI-06-000029 SV-77717r1_rule Medium
Description
ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication.  To enable password free access copy the remote users public key into the "/etc/ssh/keys-root/authorized_keys" file on the ESXi host.  The presence of the remote user's public key in the "authorized_keys" file identifies the user as trusted, meaning the user is granted access to the host without providing a password.  If using Lockdown Mode and SSH is disabled then login with authorized keys will have the same restrictions as username/password.
STIG Date
VMware vSphere ESXi 6.0 Security Technical Implementation Guide 2017-01-06

Details

Check Text ( C-63961r1_chk )
Log in to the host and verify the /etc/ssh/keys-root/authorized_keys file does not exist or is empty (zero bytes):
# ls -la /etc/ssh/keys-root/authorized_keys

or

#cat /etc/ssh/keys-root/authorized_keys

If the authorized_keys file exists and is not empty, this is a finding.
Fix Text (F-69145r1_fix)
As root, log in to the host and zero/remove /etc/ssh/keys-root/authorized_keys file:
# >/etc/ssh/keys-root/authorized_keys
or
# rm /etc/ssh/keys-root/authorized_keys