Navigate

Check: PHTN-30-000081

VMware vSphere 7.0 vCenter Appliance Photon OS STIG: PHTN-30-000081 (in versions v1 r4 through v1 r1)

Title

The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. (Cat II impact)

Discussion

If other users have access to modify user-specific Secure Shell (SSH) configuration files, they may be able to log on to the system as another user.

Check Content

At the command line, run the following command: # sshd -T|&grep -i StrictModes Expected result: StrictModes yes If the output does not match the expected result, this is a finding.

Fix Text

Navigate to and open: /etc/ssh/sshd_config Ensure the "StrictModes" line is uncommented and set to the following: StrictModes yes At the command line, run the following command: # systemctl restart sshd.service

Additional Identifiers

Rule ID: SV-256550r991589_rule

Vulnerability ID: V-256550

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000366	Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
CM-6	Configuration Settings