Team Leader - Nutanix Technology Champion - Nutanix NTC Storyteller

Julien DUMUR
Infrastructure in a Nutshell

It’s on Nutanix’s roadmap! Password authentication is in the vendor’s sights: Nutanix intends to put an end to it and is warning its users with an informational alert:

The objective is to gradually move customers to SSH key authentication so that it can be made mandatory in a future version of its hypervisor.

Creating SSH keys

The SSH encryption algorithms (ciphers) supported by the cluster are:

  • AES128-CTR
  • AES192-CTR
  • AES256-CTR

If you already have an SSH key pair, you can skip ahead to the cluster integration section.

To create an SSH key pair, we will use a tool such as PuTTYgen.

Click “Generate” and move the mouse cursor over the window while the key is generated. Then enter a passphrase and save both the public key and the private key.

WARNING: be sure to use a strong, non-predictable passphrase.

We must now integrate the public key into the cluster.

Integration of the public key on the cluster

To integrate your public key into your cluster, connect to the Prism interface and go to “Settings > Cluster Lockdown”.

Click on “New Public Key”, give it a name, paste the public key content and validate.

At this stage, classic password authentication and SSH key authentication are both active and functional; it is time to test.

Testing and activation of the cluster lockdown feature

First, we will test authentication via the SSH key. Don’t panic: whatever happens, even if the SSH connection via the key does not work after activating cluster lockdown, you can always revert the setting via the Prism interface.

Configure your favorite SSH client, load your private key, then open a connection to your Nutanix cluster. First, enter the login you want to use; here I chose “nutanix”:

Then enter the passphrase that you configured when creating your SSH key. Confirm, and you are now connected to your cluster with your SSH key, without having used the password of the “nutanix” account.

Now let’s deactivate password authentication by returning to the “Settings > Cluster Lockdown” menu. Uncheck the “Enable Remote Login with Password” box:

Try logging in again using the “nutanix” account and the usual password and notice that you can no longer log in with this method:

Try again with your private key and the associated passphrase:

Your cluster is now accessible over SSH only via SSH keys. If several administrators work on the cluster, don’t forget to repeat the operation for each of them.
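Once lockdown is enabled, a quick way to confirm from a workstation that a CVM really no longer offers password login is to connect without presenting any credential: sshd then answers with the list of methods it would still accept, and the OpenSSH client prints it in its final “Permission denied (…)” line. The script below is an added example, not code from the original post or from Nutanix; it assumes an OpenSSH client, the “nutanix” login used above, a CVM address you substitute for the placeholder, and that the CVM host key is already in your known_hosts (host-key checking is deliberately left on).

```shell
#!/bin/sh
# Added example: client-side check that a Nutanix CVM only offers
# key-based SSH authentication after Cluster Lockdown.
# Assumed: OpenSSH client, login "nutanix", host key already trusted.

# Extract the methods the server still accepts from ssh's last error line,
# e.g. "nutanix@10.0.0.1: Permission denied (publickey,password)."
# Reads ssh output on stdin and prints e.g. "publickey,password".
offered_auth_methods() {
    sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | tail -n 1
}

# Succeed (0) only when the list contains neither "password" nor
# "keyboard-interactive", the methods Cluster Lockdown is meant to remove.
lockdown_enforced() {
    methods="$1"
    case ",$methods," in
        *,password,*|*,keyboard-interactive,*) return 1 ;;
        *) return 0 ;;
    esac
}

# Probe one host. PreferredAuthentications=none makes the client send only
# the "none" method, so no key or password is ever offered; BatchMode=yes
# prevents any interactive prompt and ssh exits non-zero, as expected.
probe_host() {
    host="$1"; user="${2:-nutanix}"
    out=$(ssh -o BatchMode=yes -o PreferredAuthentications=none \
              -o ConnectTimeout=5 "$user@$host" 2>&1 </dev/null) || true
    methods=$(printf '%s\n' "$out" | offered_auth_methods)
    if [ -z "$methods" ]; then
        echo "$host: could not determine auth methods: $out" >&2
        return 2
    fi
    if lockdown_enforced "$methods"; then
        echo "$host: OK, only key-based methods offered ($methods)"
    else
        echo "$host: password login still possible ($methods)"
        return 1
    fi
}

# Usage: ./check_lockdown.sh CVM_IP_PLACEHOLDER [CVM_IP_PLACEHOLDER ...]
if [ "$#" -gt 0 ]; then
    for h in "$@"; do probe_host "$h"; done
fi
```

Run it against every CVM (and AHV host) after the lockdown step; a non-zero exit for any address means that host still accepts password logins.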

Important point: remember to keep your private keys in a safe place and use a strong passphrase.

Official documentation

The Nutanix official documentation: https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Security-Guide-v6_7:mul-security-cluster-lockdown-pc-t.html
