Remediating an ESXi host using host profiles results in sshKey being non-compliant during compliance check

Article ID: 421209

Products

VMware vSphere ESXi 8.0

Issue/Introduction

  • You may encounter non-compliance errors related to SSH key configuration, such as:
      - SSH public key not present in profile for root
  • The Host Profile > Security and Services > Security Settings > Security > User Configuration > Root shows the correct key configuration.
  • Multiple keys are registered in "/etc/ssh/keys-root/authorized_keys".
  • When you check the contents of "/etc/ssh/keys-root/authorized_keys" on a compliant ESXi host and a non-compliant ESXi host, you will notice that the contents are the same but in a different order.

    Example:
    -- Compliant ESXi host
    ssh-rsa < Key-A > host-name-A
    ssh-rsa < Key-B > host-name-B
    ssh-rsa < Key-C > host-name-C
    ssh-rsa < Key-D > host-name-D
    ssh-rsa < Key-E > host-name-E

    -- Non-compliant ESXi host
    ssh-rsa < Key-D > host-name-D
    ssh-rsa < Key-A > host-name-A
    ssh-rsa < Key-C > host-name-C
    ssh-rsa < Key-B > host-name-B
    ssh-rsa < Key-E > host-name-E

Environment

VMware vSphere ESXi 8.0

Cause

When an ESXi host is remediated with a host profile, the order in which the keys are written to /etc/ssh/keys-root/authorized_keys changes. The compliance check compares the contents of that file against the keys registered in the host profile in order rather than as a set, so the same keys in a different order are reported as a mismatch and the check fails.
Note: The order of the keys also changes when an ESXi host that was remediated with a host profile is rebooted.

Resolution

There is currently no fix for this issue. It will be fixed in a future release.
As a temporary workaround, you can make a non-compliant ESXi host compliant by editing /etc/ssh/keys-root/authorized_keys so that the keys appear in the same order as the keys registered in the host profile. Before doing so, confirm that the two key lists contain the same keys and differ only in order; a key on the host that the profile does not list at all is a genuine mismatch and should be investigated rather than reordered around. Because the order changes again on reboot, expect the host to be reported as non-compliant again after its next reboot or remediation.
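The following script is an added example for this KB, not VMware tooling. It tells an order-only authorized_keys mismatch (the Cause above) apart from a real one, and produces a copy of the host's keys in the order the host profile lists them (the temporary workaround). It assumes a POSIX shell with sed, sort and grep, and it treats each non-comment line of authorized_keys as one key, which approximates the comparison the compliance check performs rather than reproducing it. The key bodies, file names and the temporary directory are constructed for the example; on a host the second file would be /etc/ssh/keys-root/authorized_keys.

```shell
#!/bin/sh
# Added example for this KB (not VMware tooling): tell an order-only
# authorized_keys mismatch apart from a real one, and rewrite the host's
# keys in the order the host profile lists them (the temporary workaround).
# Assumptions: a POSIX shell with sed, sort and grep; treating each
# non-comment line as one key approximates the compliance check's comparison.

# Print the key lines of an authorized_keys file in a comparable form:
# comment and blank lines dropped, leading/trailing whitespace trimmed.
keys_normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v -e '^#' -e '^$'
}

# Succeeds if both files hold the same key lines in the same order.
keys_same_order() {
    [ "$(keys_normalize "$1")" = "$(keys_normalize "$2")" ]
}

# Succeeds if both files hold the same key lines, ignoring order.
keys_same_set() {
    [ "$(keys_normalize "$1" | sort)" = "$(keys_normalize "$2" | sort)" ]
}

# Print the host's keys in the profile's order. Keys the profile lists but
# the host lacks are reported on stderr (a real mismatch, not an ordering
# artefact); host keys absent from the profile are appended last, so nothing
# is silently dropped and an unexpected key stays visible for review.
keys_reorder() {
    profile=$1
    host=$2
    keys_normalize "$profile" | while IFS= read -r line; do
        if keys_normalize "$host" | grep -F -x -q -e "$line"; then
            printf '%s\n' "$line"
        else
            printf 'missing on host: %s\n' "$line" >&2
        fi
    done
    keys_normalize "$host" | while IFS= read -r line; do
        keys_normalize "$profile" | grep -F -x -q -e "$line" \
            || printf '%s\n' "$line"
    done
}

# Constructed sample data mirroring the KB: the same five keys, in the
# profile's order and in the order found on the non-compliant host. Key
# bodies are placeholders, not real public keys.
WORK=$(mktemp -d)
cat > "$WORK/profile.keys" <<'EOF'
ssh-rsa AAAAKeyA host-name-A
ssh-rsa AAAAKeyB host-name-B
ssh-rsa AAAAKeyC host-name-C
ssh-rsa AAAAKeyD host-name-D
ssh-rsa AAAAKeyE host-name-E
EOF
cat > "$WORK/host.keys" <<'EOF'
ssh-rsa AAAAKeyD host-name-D
ssh-rsa AAAAKeyA host-name-A
ssh-rsa AAAAKeyC host-name-C
ssh-rsa AAAAKeyB host-name-B
ssh-rsa AAAAKeyE host-name-E
EOF

if keys_same_order "$WORK/profile.keys" "$WORK/host.keys"; then
    echo "authorized_keys already matches the profile"
elif keys_same_set "$WORK/profile.keys" "$WORK/host.keys"; then
    echo "same keys, different order: writing a profile-ordered copy"
    keys_reorder "$WORK/profile.keys" "$WORK/host.keys" > "$WORK/host.reordered"
    # Review $WORK/host.reordered, then copy it over the host's
    # authorized_keys (after backing the original up) to clear the error.
else
    echo "key sets differ: investigate before changing anything" >&2
fi
```

On a real host, save the key list shown under the host profile's Root user configuration to a file and run the functions against it and /etc/ssh/keys-root/authorized_keys; only replace the file with the reordered output when keys_same_set succeeds and keys_reorder wrote nothing to stderr. sshd evaluates authorized_keys line by line as a set, so an order-only rewrite changes nothing about which keys can log in; it only satisfies the compliance check, and, as the Cause section notes, the order will drift again after the next reboot or remediation.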

Additional Information

ESXi Host not compatible with attached Host Profile due to SSH authorized key value mismatch. Error "SSH public key not present in profile for root"

Japanese KB: ホストプロファイルを使用して ESXi ホストを修正するとコンプライアンスチェックで sshKey が非準拠となる (Remediating an ESXi host using a host profile results in sshKey being non-compliant during the compliance check)