SSH is a commonly used Unix and Linux command shell that lets you remotely log in to the service console and perform certain management and configuration tasks for the host. SSH is used for secure logins and data transfers because it offers stronger protection than other command shells.

In this ESX release, the SSH configuration is enhanced to provide a higher security level. This enhancement includes the following key features.

Version 1 SSH protocol disabled – VMware no longer supports Version 1 SSH protocol and uses Version 2 protocol exclusively. Version 2 eliminates certain security issues present in Version 1 and provides you with a safer communications interface to the service console.

Improved cipher strength – SSH now supports only 256-bit and 128-bit AES ciphers for your connections.

Limits on remote logins as root – You can no longer remotely log in as root. Instead, you log in as an identifiable user and either use the sudo command to run specific operations that require root privileges or enter the su command to become the root user.

Note: The sudo command provides security benefits because it limits root activities and generates an audit trail of any root activities that the user performs, which helps you check for possible misuse of root privileges.

These settings are designed to provide solid protection for the data you transmit to the service console through SSH. If this configuration is too rigid for your needs, you can lower security parameters.
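One way to check whether the three settings described above have been lowered on a host, as an added example that is not VMware code. It assumes the service console runs OpenSSH and that the settings are expressed with the standard sshd_config directives Protocol, Ciphers and PermitRootLogin, which this page does not name; both sample configurations are constructed.

```python
import re

# Constructed sample configs (not taken from an ESX host).
STRICT = "Protocol 2\nCiphers aes256-cbc,aes128-cbc\nPermitRootLogin no\n"
RELAXED = """\
# settings lowered by an administrator
Protocol 2,1
Ciphers aes256-cbc,3des-cbc,aes128-cbc
PermitRootLogin yes
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global section.
    sshd uses the first value it sees for a keyword, so later duplicates are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":      # per-user/host overrides are out of scope here
            break
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return a list of findings; an empty list means all three settings hold."""
    cfg = parse_sshd_config(text)
    findings = []
    protocol = cfg.get("protocol")
    if protocol is None:
        findings.append("Protocol: not set, effective value depends on the sshd default")
    elif {p.strip() for p in protocol.split(",")} != {"2"}:
        findings.append("Protocol: '%s' allows something other than version 2" % protocol)
    ciphers = cfg.get("ciphers")
    if ciphers is None:
        findings.append("Ciphers: not set, sshd falls back to its built-in list")
    else:
        other = [c.strip() for c in ciphers.split(",")
                 if not re.match(r"aes(128|256)-", c.strip())]
        if other:
            findings.append("Ciphers: not 128/256-bit AES: " + ", ".join(other))
    root = cfg.get("permitrootlogin")
    if root is None or root.lower() != "no":
        findings.append("PermitRootLogin: '%s', remote root login is not disabled" % root)
    return findings

if __name__ == "__main__":
    for name, text in (("strict", STRICT), ("relaxed", RELAXED)):
        print(name, audit(text) or "OK")
```

Any PermitRootLogin value other than `no` is reported, including the key-only variants, because the page states that remote root login is not allowed at all.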