Check: GEN005500
Solaris 9 X86 STIG:
GEN005500
(in version v1 r9)
Title
The SSH daemon must be configured to only use the SSHv2 protocol. (Cat I impact)
Discussion
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
Check Content
Check the SSH daemon configuration for allowed protocol versions. # grep -i protocol /etc/ssh/sshd_config | grep -v '^#' If the variables Protocol 2,1 or Protocol 1 are defined on a line without a leading comment, this is a finding.
Fix Text
Edit the configuration file and modify the Protocol line to look like: Protocol 2 Reload sshd: kill -HUP <PID of sshd>
Additional Identifiers
Rule ID: SV-39817r1_rule
Vulnerability ID: V-4295
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001436 |
The organization disables organization-defined networking protocols within the information system deemed to be nonsecure except for explicitly identified components in support of specific operational requirements. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |