Check: RHEL-08-010100
RHEL 8 STIG:
RHEL-08-010100
(in versions v2 r1 through v1 r1)
Title
RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key. (Cat II impact)
Discussion
If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.
Check Content
Verify the SSH private key files have a passcode. For each private key stored on the system, use the following command: $ sudo ssh-keygen -y -f /path/to/file If the contents of the key are displayed, this is a finding.
Fix Text
Create a new private and public key pair that utilizes a passcode with the following command: $ sudo ssh-keygen -n [passphrase]
Additional Identifiers
Rule ID: SV-230230r1017049_rule
Vulnerability ID: V-230230
Group Title: SRG-OS-000067-GPOS-00035
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000186 |
For public key-based authentication, enforce authorized access to the corresponding private key. |
Controls
Number | Title |
---|---|
IA-5(2) |
Pki-based Authentication |