ESXi: esxi-8.shell-interactive-timeout

Information

Configure the inactivity timeout to automatically terminate idle ESXi host shells. If a user forgets to log out of their SSH session, the idle connection will remain open indefinitely, increasing the potential for someone to gain privileged access to the host.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 900

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-12, 800-53|SC-10, CCI|CCI-001133, CCI|CCI-002361

Plugin: VMware

Control ID: 43c2a89291239b22d8477645f8c37383ae1ee527b207949a8a7665332121fff4