10.3 Secure Shell, Administrative Accounts, and Console Access
For remote connections, all hardened appliances include the Secure Shell (SSH). Because many appliances do not include default user accounts, the root account might still be able to directly log in through SSH.
To meet the compliance standards for nonrepudiation, the SSH server on all hardened appliances comes preconfigured with the “AllowGroups wheel” entry to restrict SSH access to the secondary group wheel.
Note: For separation of duties, the “AllowGroups wheel” entry can be modified in /etc/ssh/sshd_config to use another group (such as sshd). The wheel group is enabled with the pam_wheel module for superuser access, so members of the wheel group are allowed to su - to root (the root password is required).
Group separation lets users SSH to the appliance without being able to su to root. For proper appliance functionality, do not remove or modify other entries in the AllowGroups field. Any change requires a restart of the SSH daemon.
Before removing root SSH access, create local administrative accounts that can use SSH, are members of the secondary wheel group, or both.
Direct root login to SSH is removed by modifying the /etc/ssh/sshd_config file, setting the PermitRootLogin to no, and restarting sshd.
Limit which hosts can reach SSH. All VMware virtual appliances include the tcp_wrappers package, which lets daemons built with libwrap support control the network subnets that can access them.
By default, the /etc/hosts.allow file contains a generic entry to allow all access to the secure shell:
sshd: ALL : ALLOW
VMware recommends that this entry be changed for production environments to include only the localhost entries and the management network subnet for secure operations, such as:
sshd: 127.0.0.1 : ALLOW
sshd: [::1] : ALLOW
sshd: 10.0.0. : ALLOW
This example will allow all localhost connections and connections made by clients on the 10.0.0.0 subnet.
By default, the hardened appliances allow direct login to root through the console. After administrative accounts have been created for non-repudiation and tested for wheel access (su - root), direct root logins can be disabled by editing the /etc/securetty file as root and replacing the entry
tty1
with
console
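The following shell script is an added example, not VMware's own code: it audits copies of the three files edited above (sshd_config, hosts.allow, securetty) for the settings this section recommends. The function names and the sample files it builds are constructed for illustration, and it assumes sshd_config contains no Match blocks.

```shell
# Added example (not VMware code); function names and sample data are constructed.
# sshd uses the first value it reads for a keyword; keywords are case-insensitive.
# Assumption: no Match blocks override the global setting.
sshd_value() {  # $1=sshd_config path, $2=keyword
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

check_sshd() {  # returns the number of findings
    n=0
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FINDING: PermitRootLogin is not 'no'"; n=$((n + 1)); }
    [ -n "$(sshd_value "$1" AllowGroups)" ] ||
        { echo "FINDING: no AllowGroups entry"; n=$((n + 1)); }
    return "$n"
}

check_hosts_allow() {  # rule format is daemon_list : client_list [: option]
    if awk -F: '$0 !~ /^[ \t]*#/ && (" " $1 " ") ~ /[ ,\t]sshd[ ,\t]/ &&
                (" " $2 " ") ~ /[ ,\t]ALL[ ,\t]/ { hit = 1 }
                END { exit !hit }' "$1"; then
        echo "FINDING: hosts.allow admits ALL clients to sshd"; return 1
    fi
}

check_securetty() {  # root console login stays possible while tty1 is listed
    ! grep -qx 'tty1' "$1" || { echo "FINDING: securetty still lists tty1"; return 1; }
}

audit_appliance() {  # $1=directory holding etc/ssh/sshd_config, etc/hosts.allow, etc/securetty
    total=0
    check_sshd "$1/etc/ssh/sshd_config" || total=$((total + $?))
    check_hosts_allow "$1/etc/hosts.allow" || total=$((total + $?))
    check_securetty "$1/etc/securetty" || total=$((total + $?))
    return "$total"
}

make_sample() {  # constructed files: $2=PermitRootLogin, $3=sshd client list, $4=securetty entry
    mkdir -p "$1/etc/ssh"
    printf 'AllowGroups wheel\nPermitRootLogin %s\n' "$2" > "$1/etc/ssh/sshd_config"
    printf 'sshd: 127.0.0.1 : ALLOW\nsshd: [::1] : ALLOW\nsshd: %s : ALLOW\n' "$3" > "$1/etc/hosts.allow"
    printf '%s\n' "$4" > "$1/etc/securetty"
}

tmp=$(mktemp -d)
make_sample "$tmp/default" yes ALL tty1
make_sample "$tmp/hardened" no 10.0.0. console
audit_appliance "$tmp/default" || echo "default: $? finding(s)"
audit_appliance "$tmp/hardened" && echo "hardened: no findings"
rm -rf "$tmp"
```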
Design Considerations
Consider implementing the following if compliance with the STIG is required, or policy dictates it:
Create user-specific administrative accounts for users that need to log in to a command shell.
Remove the ability for the root user to log in through SSH or the appliance console.
Use tcp_wrappers to limit SSH connections to hosts on the management network.