An error occurred:

Check: GEN005500

Solaris 10 X86 STIG: GEN005500 (in versions v2 r4 through v1 r17)

Title

The SSH daemon must be configured to only use the SSHv2 protocol. (Cat I impact)

Discussion

SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.

Check Content

Check the SSH daemon configuration for allowed protocol versions. # grep -i protocol /etc/ssh/sshd_config | grep -v '^#' If the variables Protocol 2,1 or Protocol 1 are defined on a line without a leading comment, this is a finding.

Fix Text

Edit the configuration file and modify the Protocol line to look like: Protocol 2 Reload sshd: kill -HUP <PID of sshd>

Additional Identifiers

Rule ID: SV-220108r854460_rule

Vulnerability ID: V-220108

Group Title: SRG-OS-000112

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001941

Implement replay-resistant authentication mechanisms for access to privileged accounts and/or non-privileged accounts.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
IA-2(8)

Access to Accounts — Replay Resistant