Check: ESXI-70-000026
VMware vSphere 7.0 ESXi STIG: ESXI-70-000026 (in versions v1 r4 through v1 r1)
Title
The ESXi host Secure Shell (SSH) daemon must set a timeout count on idle sessions. (Cat III impact)
Discussion
Setting a timeout ensures that a user login will be terminated as soon as the "ClientAliveCountMax" is reached.
Check Content
From an ESXi shell, run the following command:

    # /usr/lib/vmware/openssh/bin/sshd -T|grep clientalivecountmax

Expected result:

    clientalivecountmax 3

If the output does not match the expected result, this is a finding.
Fix Text
From an ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

    ClientAliveCountMax 3
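The check above can be scripted for audit runs. The following is an added example, not part of the STIG text: it evaluates `sshd -T` output read from standard input and reports a finding when the directive is missing or differs from 3. The function name and the sample outputs are constructed for illustration, and `awk` is assumed to be available in the shell where it runs.

```shell
#!/bin/sh
# Added example: evaluate `sshd -T` output against ESXI-70-000026.
# On a host, feed it the command from the Check Content:
#   /usr/lib/vmware/openssh/bin/sshd -T | check_clientalivecountmax

EXPECTED_COUNT=3   # value required by the check

# Reads effective sshd configuration on stdin.
# Prints a verdict; returns 0 when compliant, 1 when it is a finding.
check_clientalivecountmax() {
    # sshd -T prints keywords in lowercase. Match the keyword field exactly
    # so that "clientaliveinterval" is never mistaken for it.
    values=$(awk '$1 == "clientalivecountmax" { print $2 }')
    if [ -z "$values" ]; then
        echo "FINDING: clientalivecountmax not present in output"
        return 1
    fi
    # If the keyword appears more than once, every value must match.
    for v in $values; do
        if [ "$v" != "$EXPECTED_COUNT" ]; then
            echo "FINDING: clientalivecountmax is $v, expected $EXPECTED_COUNT"
            return 1
        fi
    done
    echo "OK: clientalivecountmax $EXPECTED_COUNT"
    return 0
}

# Constructed sample outputs (not captured from a real host).
sample_compliant='port 22
clientaliveinterval 200
clientalivecountmax 3'

sample_finding='port 22
clientaliveinterval 200
clientalivecountmax 0'

printf '%s\n' "$sample_compliant" | check_clientalivecountmax
printf '%s\n' "$sample_finding" | check_clientalivecountmax || true
```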
Additional Identifiers
Rule ID: SV-256394r959010_rule
Vulnerability ID: V-256394
Group Title: SRG-OS-000480-VMM-002000
CCIs
CCIs tied to check.
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
Number | Title |
---|---|
CM-6 | Configuration Settings |