Check: GEN005501
SOLARIS 9 SPARC STIG:
GEN005501
(in version v1 r12)
Title
The SSH client must be configured to only use the SSHv2 protocol. (Cat II impact)
Discussion
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH client could provide access to the system with the privileges of the user running the client.
Check Content
Fix Text
Edit the /etc/ssh/ssh_config file and add or edit a Protocol configuration line that does not allow versions less than 2.
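An added example, not part of the STIG text: a POSIX shell function that audits an ssh_config-style file against the fix text above. The function name is hypothetical, and two choices are assumptions of this example: a file with no Protocol line is reported as a finding, and a Protocol line inside any Host block is checked.

```shell
#!/bin/sh
# Added example: audit an ssh_config-style file for GEN005501.
# Returns 0 when every active Protocol line allows only version 2,
# 1 when a line allows a lower version or no Protocol line exists.
check_ssh_client_protocol() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)               # drop leading whitespace
        if (line == "" || line ~ /^#/) next    # skip blanks and comments
        # Keyword and value are separated by whitespace and/or "=".
        if (match(line, /[ \t=]+/) == 0) next
        key = tolower(substr(line, 1, RSTART - 1))   # keywords ignore case
        val = substr(line, RSTART + RLENGTH)
        if (key != "protocol") next
        seen = 1
        gsub(/[ \t"]/, "", val)                # "2, 1" becomes 2,1
        count = split(val, vers, ",")
        for (i = 1; i <= count; i++) {
            if (vers[i] != "2") {              # anything other than 2 fails
                bad = 1
                printf "FINDING line %d: %s\n", NR, $0
                break
            }
        }
    }
    END {
        if (!seen) { print "FINDING: no Protocol line present"; exit 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample input (not taken from a real host).
sample="${TMPDIR:-/tmp}/ssh_config.sample.$$"
printf 'Host *\n  ForwardAgent no\n  Protocol 2,1\n' > "$sample"
if check_ssh_client_protocol "$sample"; then
    echo "compliant: only SSHv2 is allowed"
else
    echo "not compliant: edit the Protocol line as described in the fix text"
fi
rm -f "$sample"
```

On a live system, pass /etc/ssh/ssh_config as the argument.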
Additional Identifiers
Rule ID: SV-26749r1_rule
Vulnerability ID: V-22456
Group Title: GEN005501
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-001436 | The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
No controls are assigned to this check |