ESXi: esxi-8.shell-warning

Information

The ESXi host must not suppress warnings that the ESXi shell is enabled. Warnings indicating that SSH or the ESXi Shell is enabled can be clues that an attack is in progress. It is important to ensure that SSH and the ESXi Shell are deactivated, and that this variable is not set.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 0

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/