Check: GEN005500
SOLARIS 9 SPARC STIG:
GEN005500
(in version v1 r12)
Title
The SSH daemon must be configured to only use the SSHv2 protocol. (Cat I impact)
Discussion
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
Check Content
Fix Text
Edit the configuration file and modify the Protocol line to look like:
Protocol 2
Reload sshd:
kill -HUP <PID of sshd>
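
An added example, not part of the STIG text: a POSIX shell function that audits the Protocol directive described in the Fix Text above. The function name, the result strings, treating a missing directive as a finding, and the sample configurations are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit the Protocol directive.
# Usage: check_ssh_protocol <path to the sshd configuration file>
# Prints PASS, FAIL:<values>, MISSING or UNREADABLE; returns 0 only for PASS.
check_ssh_protocol() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE"; return 2; }
    seen=0
    bad=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                  # drop comments
        set -f; set -- $line; set +f      # split on whitespace, no globbing
        [ $# -ge 1 ] || continue
        key=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        [ "$key" = "protocol" ] || continue
        shift
        seen=1
        val=$(printf '%s' "$*" | tr -d ' \t')      # "2, 1" becomes "2,1"
        # Conservative: every active Protocol line must be exactly 2.
        [ "$val" = "2" ] || bad="${bad:+$bad;}${val:-empty}"
    done < "$conf"
    if [ -n "$bad" ]; then echo "FAIL:$bad"; return 1; fi
    # Assumption: no active Protocol line is reported as a finding for review.
    if [ "$seen" -eq 0 ]; then echo "MISSING"; return 1; fi
    echo "PASS"
}

# Constructed sample configurations (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Port 22\nProtocol 2\n' > "$d/good"
    printf '# Protocol 2\nprotocol 2,1\n' > "$d/fallback"
    printf 'Port 22\n#Protocol 2\n' > "$d/commented"
    for f in good fallback commented; do
        printf '%s: %s\n' "$f" "$(check_ssh_protocol "$d/$f")"
    done
    rm -rf "$d"
}
demo
```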
Additional Identifiers
Rule ID: SV-39817r1_rule
Vulnerability ID: V-4295
Group Title: GEN005500
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |