An error occurred:

Check: OSX00170 M6

MACOSX 10.6: OSX00170 M6 (in version v1 r3)

Title

Login Grace Time must be securely configured in /etc/sshd_config. (Cat III impact)

Discussion

This setting controls the time allowed to authenticate over an ssh connection. It is recommended the value be set to 30 seconds or less. By allowing a connection to stay open for longer periods of time could allow an attacker to take advantage of the port.

Check Content

Open a terminal session and enter the following command. more /etc/sshd_config Ensure the value "LoginGraceTime" is set to 30 or less. If the value "LoginGraceTime" is not set to 30 or less, this is a finding. NOTE: If the value is set to "0", this is a finding.

Fix Text

Open a terminal session and enter the following command. sudo pico /etc/sshd_config Edit the value "LoginGraceTime" and set it to "30". Save the file.

Additional Identifiers

Rule ID: SV-38526r1_rule

Vulnerability ID: V-25274

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check