The “nutanix” user is a system-level account required by the platform for internal operations, automation, cluster communication, and support access. It cannot be deleted or renamed. Nutanix security guidelines state:
“The correct method to prevent password-based SSH access for system accounts is to use Cluster Lockdown mode, which disables password authentication and enforces key-based access for all system-level CVM accounts.”
Cluster Lockdown modifies SSH configuration across all CVMs, ensuring:
password authentication is disabled
only key-based authentication is permitted
privileged system accounts such as ‘nutanix’ cannot log in interactively
Blocking port 22 is not appropriate because it would block SSH entirely, including legitimate administrative access. The “nutanix” user cannot be renamed or removed because the platform depends on it.
Thus, enabling Cluster Lockdown is the proper Nutanix-approved method to remove password-based SSH access for system accounts.
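One way to confirm on a host that SSH is in the state Cluster Lockdown is described as enforcing. This is an added example, not Nutanix tooling or code from the original page: the function name and sample inputs are constructed, and the keyboard-interactive warning is an extra check assumed here because that method can still prompt for a password through PAM.

```shell
#!/bin/sh
# Added example. Input is the effective configuration that `sshd -T`
# prints: one lowercase "keyword value" pair per line.

# Returns 0 = password login off and key login on,
#         1 = password login still possible or key login disabled,
#         2 = only the keyboard-interactive warning fired (added check).
audit_sshd_effective() {
  awk '
    { key = tolower($1); val = tolower($2) }
    key == "passwordauthentication" { pw = val }
    key == "pubkeyauthentication"   { pk = val }
    # Older OpenSSH releases print challengeresponseauthentication instead.
    key == "kbdinteractiveauthentication" ||
    key == "challengeresponseauthentication" { kbd = val }
    END {
      rc = 0
      if (kbd != "no") {
        print "WARN keyboard-interactive=" (kbd == "" ? "missing" : kbd)
        rc = 2
      }
      if (pw != "no") {
        print "FAIL passwordauthentication=" (pw == "" ? "missing" : pw); rc = 1
      }
      if (pk != "yes") {
        print "FAIL pubkeyauthentication=" (pk == "" ? "missing" : pk); rc = 1
      }
      exit rc
    }'
}

# Constructed samples (not captured from a real CVM).
SAMPLE_LOCKED='port 22
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'
SAMPLE_PASSWORD='port 22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'

for sample in "$SAMPLE_LOCKED" "$SAMPLE_PASSWORD"; do
  printf '%s\n' "$sample" | audit_sshd_effective
  echo "exit status: $?"
done
```

On a live host the input would come from `sshd -T` run with root privileges, repeated on each CVM.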