All,
Thanks in advance for any help you can provide. I am being pressed into leaving SSH enabled across our estate by the security team (albeit with IP-limited rules in place). The purpose of this is so our security appliances can scan the hosts. Perhaps I am being slightly anal, but this irks me, so I thought I would run it past the community and get a more unbiased opinion. Aside from the fact that it feels wrong, it's seemingly an unnecessary service using up resource (admittedly a small amount), and it will nag me with exclamation marks, does anyone know if VMware very specifically approves/disapproves of it?
I am also concerned that it might mean we are no longer PCI DSS compliant. I initially suggested we run a script to briefly disable it prior to a scan. What are everyone else's thoughts on the matter?
VMware's recommendation is on row 4: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vsphere-6.7-update-1-securit...
Same here, any best practices?
Please refer to ESXi SSH security to plan better: