The vCenter Server must disable Secure Shell (SSH) access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-258968 | VCSA-80-000303 | SV-258968r934562_rule | CCI-000366 | medium |
| Description |
| vCenter Server is delivered as an appliance, and intended to be managed through the VAMI, vSphere Client, and APIs. SSH is a troubleshooting and support tool and should only be enabled when necessary. vCenter Server High Availability uses SSH to coordinate the replication and failover between the nodes. Use of this feature requires SSH to remain enabled. |
| STIG | Date |
| VMware vSphere 8.0 vCenter Security Technical Implementation Guide | 2023-10-11 |
Related Frameworks
4 paths across 3 frameworks
NIST 800-53 (1 mapping)
CM-6
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (2 mappings)
3.4.1
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
- DISA · V1R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000366
1.00
- DISA · V1R1 · disa_xccdf · related
Details
Check Text (C-258968r934562_chk)
Open the Virtual Appliance Management Interface (VAMI) by navigating to https://<vCenter server>:5480.
Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
Select "Access" on the left navigation pane.
If "SSH Login" is not "Deactivated", this is a finding.
Fix Text (F-62617r934561_fix)
Open the Virtual Appliance Management Interface (VAMI) by navigating to https://<vCenter server>:5480.
Log in with local operating system administrative credentials or with a Single Sign-On (SSO) account that is a member of the "SystemConfiguration.BashShellAdministrator" group.
Select "Access" on the left navigation pane.
Click "Edit" then disable "Activate SSH Login" and click "OK".
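The same check can be scripted for periodic audits. The following is an added example, not part of the STIG: it reads the SSH setting through the vSphere Automation REST API (`/api/session` and `/api/appliance/access/ssh`) instead of the VAMI page. The host, account, and the `vcha_in_use` flag are assumptions supplied by the operator.

```python
import base64
import json
import ssl
import sys
import urllib.request

RULE = "VCSA-80-000303"


def call(host, method, path, headers, ctx):
    """Send one request to the appliance and decode the JSON body, if any."""
    req = urllib.request.Request(f"https://{host}{path}", method=method, headers=headers)
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def evaluate(ssh_enabled, vcha_in_use=False):
    """Map the API's boolean to the STIG verdict."""
    if not isinstance(ssh_enabled, bool):
        # An error object or other non-boolean body must not pass as compliant.
        return {"rule": RULE, "status": "not_reviewed",
                "detail": f"unexpected API response: {ssh_enabled!r}"}
    if not ssh_enabled:
        return {"rule": RULE, "status": "not_a_finding", "detail": "SSH Login is Deactivated"}
    detail = "SSH Login is not Deactivated"
    if vcha_in_use:  # hypothetical operator-supplied flag, not read from the API
        detail += "; vCenter HA is in use and requires SSH to remain enabled"
    return {"rule": RULE, "status": "finding", "detail": detail}


def audit(host, user, password, vcha_in_use=False):
    """Log in, read the SSH setting, and always close the session."""
    ctx = ssl.create_default_context()  # keeps certificate verification on
    basic = base64.b64encode(f"{user}:{password}".encode()).decode()
    token = call(host, "POST", "/api/session", {"Authorization": f"Basic {basic}"}, ctx)
    auth = {"vmware-api-session-id": token}
    try:
        enabled = call(host, "GET", "/api/appliance/access/ssh", auth, ctx)
        return evaluate(enabled, vcha_in_use)
    finally:
        call(host, "DELETE", "/api/session", auth, ctx)


if __name__ == "__main__":
    import getpass
    result = audit(sys.argv[1], sys.argv[2], getpass.getpass())
    print(json.dumps(result))
    sys.exit(1 if result["status"] == "finding" else 0)
```

Run it as `python3 <script> <vCenter server> <account>`; the exit code is 1 when SSH is still active, so it can gate a scheduled compliance job.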