ESXi: esxi-8.ssh-host-based-auth

Information

The ESXi host Secure Shell (SSH) daemon must not allow host-based authentication. System services must be hardened and secured when enabled.

Solution

$ESXcli = Get-EsxCli -VMHost $ESXi -V2
$arguments = $ESXcli.system.ssh.server.config.set.CreateArgs()
$arguments.keyword = 'hostbasedauthentication'
$arguments.value = 'no'
$ESXcli.system.ssh.server.config.set.Invoke($arguments)

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/