ESXi Host Profile Compliance Error: SSH public key not present in profile for root

Article ID: 384892

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

  • "Host hardware was changed/replaced and the profile was moved to new hardware." 
  • "Implementing a 'break glass' policy or public/private key authentication for ESXi admins."

Environment

  • VMware vSphere ESXi 8.x
  • VMware vSphere ESXi 9.x
  • VMware vCenter Server 8.x
  • VMware vCenter Server 9.x

Cause

"The ESXi host's internal 'authorized_keys' file contains an entry (often default or legacy) that the Host Profile does not expect, or the keys are listed in a different order than what is defined in the profile."

Resolution

To resolve this issue, you can choose one of the following methods:

  1. Add the Key: Ensure the required authorized SSH key for the root user is included in the host profile that is attached to the Host.
  2. Remove the Key: Delete the existing key from the ESXi host's authorized_keys file.

Steps to add authorized keys:

  • The keys are stored on the ESXi host at /etc/ssh/keys-root/authorized_keys
  • Compare the compliant and non-compliant hosts. If the keys are present on the compliant host, add them to the authorized_keys file on the non-compliant hosts.
  1. SSH to the ESXi host.
  2. Copy the keys from the healthy host's /etc/ssh/keys-root/authorized_keys file.
  3. On the affected host, paste the copied keys into the same file, keeping them in the same order as on the healthy host.
  4. To edit the file, use vi:
     vi /etc/ssh/keys-root/authorized_keys
  5. Save the file with :wq! (write, quit).
  6. Remediate the host.

Steps to remove authorized keys:

  1. SSH to the ESXi host.
  2. Back up the file: cp /etc/ssh/keys-root/authorized_keys /etc/ssh/keys-root/authorized_keys.bak
  3. Clear the contents of the file: echo "" > /etc/ssh/keys-root/authorized_keys
     Note that this disables public-key SSH login for root on that host until keys are restored from the backup or pushed by the host profile.
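The two procedures above are manual compare-and-edit steps. The following POSIX shell script is an added example, not part of this KB article or of any VMware tooling: it compares a copy of a compliant host's authorized_keys (the "reference") with a copy of the non-compliant host's file (the "target"), reports which keys are missing and which are extra, checks whether the shared keys are in the same order, and builds a merged file that keeps the reference order while backing up the target first. The file paths and all key material are constructed placeholders; on a real host the file is /etc/ssh/keys-root/authorized_keys. The script assumes plain "type base64 comment" lines with no leading key options.

```shell
#!/bin/sh
# Added example (not from the KB): diff and merge two authorized_keys files.
# Key identity is "<type> <base64>"; the trailing comment field is ignored.
# REF_KEYS stands in for the compliant host's file, TGT_KEYS for the
# non-compliant host's file. Both are constructed here with fake keys.

REF_KEYS=$(mktemp)
TGT_KEYS=$(mktemp)
trap 'rm -f "$REF_KEYS" "$TGT_KEYS"' EXIT

cat > "$REF_KEYS" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA admin-a@jumphost
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB breakglass@vault
EOF

cat > "$TGT_KEYS" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB breakglass@vault

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQFAKELEGACYKEYCCCCCCCCCCCCCCCCCCCCCCCCC legacy@oldhost
EOF

# Print the lines of $1 whose key does not appear in $2.
# awk reads $2 first to build the "seen" set (f==1), then scans $1 (f==2).
keys_missing_from() {
  awk 'FNR==1 { f++ }
       f==1 && NF>=2 { seen[$1 " " $2]=1; next }
       f==2 && NF>=2 && !(($1 " " $2) in seen)' "$2" "$1"
}

# Print "<type> <base64>" for keys present in both files, in the order of $1.
common_in_order() {
  awk 'FNR==1 { f++ }
       f==1 && NF>=2 { seen[$1 " " $2]=1; next }
       f==2 && NF>=2 && (($1 " " $2) in seen) { print $1 " " $2 }' "$2" "$1"
}

# Succeed when the shared keys appear in the same order in $1 and $2
# (the KB notes that a different order alone is reported as non-compliant).
key_order_matches() {
  [ "$(common_in_order "$1" "$2")" = "$(common_in_order "$2" "$1")" ]
}

# Emit the reference keys first (profile order), then any key found only on
# the target, so nothing is silently dropped; the extras are what method 2
# of the KB would remove, and the report above lets the admin decide.
merge_keys() {
  awk 'NF>=2' "$1"
  keys_missing_from "$2" "$1"
}

# Write merge_keys "$1" "$2" into $3 after backing $3 up with a timestamp
# suffix, mirroring the cp ... .bak step from the KB.
apply_merged() {
  [ -f "$3" ] && cp "$3" "$3.bak.$(date +%Y%m%d%H%M%S)"
  merge_keys "$1" "$2" > "$3"
}

echo "Keys the target is missing (method 1: add these):"
keys_missing_from "$REF_KEYS" "$TGT_KEYS"
echo "Keys only on the target (method 2 candidates):"
keys_missing_from "$TGT_KEYS" "$REF_KEYS"
if key_order_matches "$TGT_KEYS" "$REF_KEYS"; then
  echo "Shared keys are in the same order."
else
  echo "Shared keys are in a different order."
fi
```

Run the script against copies of the two files pulled with scp rather than editing in place; apply_merged is only useful once the report shows that the extras are genuinely wanted, since otherwise the removal method in the KB is the right fix.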

Additional Information

If multiple keys are present in the file, keep them in the same order as defined in the host profile; a different order is also reported as non-compliant.

Related: Remediating an ESXi host using host profiles results in sshKey being non-compliant during compliance check