VMware Cloud Community
vmtekken
Contributor

How to access the console in ESX 3i 3.5

I'm new to ESX. I'm using ESX 3i 3.5.

After Alt + F1, it takes me to the command line but it's not the console login but it just displays "starting openwsmand" and the cursor blinking below it.

Do I need other utilities to use the command line such as the Remote CLI or Virtual Appliance?

0 Kudos
7 Replies
Texiwill
Leadership

Hello,

Moved to ESXi Forum.

ESXi does not have a service console per se. You will need to access it via the RCLI or VIC.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
nick_couchman
Immortal

Although there's no prompt on this console, if you type "unsupported" you'll get a password prompt and you should be able to log in with the root password. If you haven't assigned a root password, yet, just press Enter and you should get logged in. There are also instructions for enabling SSH so that you can log in remotely over SSH -

This console has limited functionality, though - you'll still need the VI Client and/or RCLI interface in order to manage VMs, configurations, etc.

0 Kudos
Texiwill
Leadership

Hello,

While it is possible to use this mode 'unsupported' it is just that. It is not recommended that you use this mode at all.


0 Kudos
nick_couchman
Immortal

Yes, that's definitely VMware's take on it. And, yet, if you know what you're doing, it can be very, very useful. I use the unsupported console as well as SSH access pretty frequently and find it a nice thing to have available to me for managing my ESXi hosts.

If you don't know much about UNIX, I certainly don't recommend that you try to use this console as you can very, very easily damage something. For people who are familiar with UNIX and are careful about what they touch, I don't see the harm in using it.

0 Kudos
Texiwill
Leadership

Hello,

The main reason not to directly log in to ESXi is that it lowers the overall security stance of the system. There could be split brain authentication and authorizations. You are now running one more daemon which is just one more attack point. Granted this should be mitigated by the use of an administrative network as well. The main concern is that with SSH access you can do some pretty serious damage. Without it, you are limited to what the RCLI/VIC allow you to do, which is significantly less.


0 Kudos
nick_couchman
Immortal

I see your point, however there are many, many servers that run that "one more attack point" SSH daemon - it is a proven, secure method for remote access. (I'm not saying it's unbeatable, unattackable, or that no one has ever broken into a server over SSH, just that it is one of the better methods for remote access to a system.) SSH access to ESXi will allow you to shoot yourself in the foot pretty easily because the "protection" inherent in using the client, which limits what sorts of tasks you can do, is not there. However, in terms of a hacker's ability to get at your ESXi system and compromise it, download data, etc., I don't see how SSH is substantially more or less secure than the client login itself. Sure, it may let them install some sort of Trojan or other monitoring application that may go undetected, but it isn't going to do any worse a job at preventing someone from stealing your data, deleting virtual machines, uploading their own data, creating VMs, etc., than the VI Client and its associated interfaces. Furthermore, ESXi also has a web interface that allows you to download files from the host, and a couple other methods of remote access, like the RCLI, that allow people to get at the system in a similar fashion to SSH. In my estimation, the overall impact to the security of the system is minimal when you enable SSH. Furthermore, I do have a management network, and not only do I prevent people from logging in via SSH to my ESXi hosts, I prevent them from making any connections at all to my ESXi hosts.

I guess my "bottom line" point is this: whether or not SSH is enabled on your ESXi hosts is not going to make or break the security of those hosts. It may go a long way toward preventing accidental mistakes on ESXi, but if someone really wants to and really has the ability to screw with your system, they're going to do it with or without SSH.

0 Kudos
Texiwill
Leadership

Hello,

Actually, without SSH support the only way to really do some damage is either from a damaged RCLI/VIC session or via 'Console' access using the unsupported mode. Basically if they can get to the console anyways it is game over.

If they can log in directly as root over SSH then it is also game over. That is the case with any system. But before enabling SSH, this possibility was limited to strict console access which generally requires physical access, so in effect you have lowered the overall security stance. Granted ILO and DRAC utilization has grown so now consoles are network accessible using different credentials, etc. However, these devices should be on a separate non-DMZ, non-production network.

Yes there are SSH MiTM attacks that can take place and pre-shared keys are the way to mitigate that concern. But that is also why I stated you need to have an administrative network that is itself secured by a firewall, etc.

ESXi is quite a bit different than ESX. You no longer have the VM container that ESX has for its console amongst other things.


0 Kudos
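
Editor's added example (not part of the thread, and not written by either poster): both sides of this discussion rely on an administrative network being the only place management connections to ESXi hosts originate, whether over SSH or the VI Client/RCLI. The sketch below checks flow records against that policy; the subnet, host addresses, port-to-service mapping and log lines are all constructed assumptions.

```python
import ipaddress

# Assumptions for illustration (none of these values come from the thread).
ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")   # administrative network
ESXI_HOSTS = {"10.10.0.21", "10.10.0.22"}          # ESXi management addresses
MGMT_PORTS = {22: "ssh", 443: "vi-client/rcli/web", 902: "authd"}

# Constructed flow records in the form "src_ip dst_ip dst_port action".
SAMPLE_LOG = """\
10.10.0.5 10.10.0.21 443 ALLOW
10.10.0.5 10.10.0.21 22 ALLOW
192.168.50.17 10.10.0.21 22 ALLOW
192.168.50.17 10.10.0.22 443 DENY
172.16.4.9 10.10.0.22 443 ALLOW
10.10.0.7 10.10.0.99 22 ALLOW
not a record
"""

def parse(line):
    """Return (src, dst, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), parts[1],
                int(parts[2]), parts[3].upper())
    except ValueError:
        return None

def violations(log_text):
    """Allowed management connections to ESXi hosts from outside ADMIN_NET."""
    found = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not flow records
        src, dst, port, action = rec
        is_mgmt = dst in ESXI_HOSTS and port in MGMT_PORTS
        if is_mgmt and action == "ALLOW" and src not in ADMIN_NET:
            found.append((str(src), dst, MGMT_PORTS[port]))
    return found

if __name__ == "__main__":
    for src, dst, svc in violations(SAMPLE_LOG):
        print(f"policy violation: {src} -> {dst} ({svc})")
```

The check treats SSH and the client/API ports the same way, so an allowed connection from outside the administrative network is reported regardless of which management interface it reached.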