Virtual Security: VMware remote authentication

Ensure virtual security, harden VMware's remote authentication by changing VMware GSX Server's Remote Console port number as described in this excerpt from Virtualization: From the Desktop to the Enterprise.

VMware Remote Authentication: Changing VMware GSX Server's Remote Console Port Number

IT reseller takeaway: Harden remote authentication in VMware GSX Servers by changing the Remote Console default port numbers. Learn how in this excerpt from Virtualization: From the Desktop to the Enterprise.

If you're wondering if you can force the Remote Console authentication daemon (vmware-authd) to use a different port number, you can. In addition, if you want to take a minute to beef up security on your GSX Server, you should change the default port. Though a ping-sweep on your network may enumerate open ports on your server, changing the default port of GSX Server's Remote Console port will keep someone from specifically targeting the default port of 902. Don't select a common port, such as ports less than 1024. These ports are already assigned to common services, such as ports 25 (SMTP), 80 (HTTP), and 443 (HTTPS). To change the port, you'll need to follow these steps at the CLI:

1. Type vi /etc/xinetd.d/vmware-authd.

2. Find and change the port number to what you want. We'll use 9876 in this example.

3. Type vi /etc/vmware/config.

4. Change the authd.client.port entry to match your desired port number (9876).

5. Restart xinetd with service xinetd restart.

6. Restart the Management Interface with httpd.vmware restart.

GSX Server guests will be managed from the port you specified. Now, you'll need to use the VMware Remote Console application to connect to guest VMs. When connecting to the server, you'll need to specify your port number in the Connection field in addition to the IP address (for example, 9876). After entering your information, select Connect to proceed.

After connecting to your GSX Server though the Remote Console application, you can verify the port change. For instance, from within a Windows operating system such as Windows XP, you can execute the netstat command at the command line with the –n option, netstat –n. Under the Foreign Address column, locate your server's IP address and verify that the port being used is correct.

If you don't want to have to specify the port number to use when using Remote Console, you can configure it to use a specific port automatically. For Windows systems, create a file and label it config.ini. Place the file in C:Documents and SettingsAll UsersApplication DataVMwareVMware Remote Console. The file should have one line of code: authd.client.port = <portNumber>

If you're using a Linux client to connect to your host, you'll need to modify either /etc/vmware-console/config or /usr/lib/vmware-console/config. Add the following line of code: authd.client.port = <portNumber>


About the author   
Chris Wolf is an instructor at ECPI Technical College, as well as a leading industry consultant in enterprise storage, virtualization solutions, and network infrastructure management. He has a master's degree in information technology from Rochester Institute of Technology, and his IT certification list includes MCSE, MCT, and CCNA. Wolf authored MCSE Supporting and Maintaining NT Server 4.0 Exam Cram, Windows 2000 Enterprise Storage Solutions and Troubleshooting Microsoft Technologies, and he contributes frequently to Redmond Magazine and Windows IT Pro Magazine. Wolf also speaks at computer conferences across the nation.

This was last published in September 2006

Dig Deeper on Server management, sales and installation

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.