Disabling SSH Publickey on VMware Aria Automation (formerly known as vRealize Automation)
search cancel

Disabling SSH Publickey on VMware Aria Automation (formerly known as vRealize Automation)

book

Article ID: 322713

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Are the SSH PublicKeys disabled on the Aria Automation appliances, if not, what will be the impact?

Environment

VMware vRealize Automation 8.x
VMware Aria Automation 8.12.x

Resolution

  1. The SSH Public Keys are disabled (the line is commented) by default on the file /etc/ssh/sshd_config
---------------------- Partial file output---------------------------
#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 1

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none
[...]
----------------------------------------------------------------------------------------------------------------------------
  1. This will not impact upgrades or any day 2 action requested on VMware Aria Suite Lifecycle (formerly known as vRealize Suite Lifecycle Manager) since for this action the root account and password are used.