Check: GEN005533

VMware ESX 3 Server: GEN005533 (in version v1 r2)

  Title
The SSH daemon must limit connections to a single session. (Cat III impact)
Discussion
The SSH protocol has the ability to provide multiple sessions over a single connection without reauthentication. A compromised client could use this feature to establish additional sessions to a system without consent or knowledge of the user. Alternate per-connection session limits may be documented if needed for a valid mission requirement. Greater limits are expected to be necessary in situations where TCP or X11 forwarding are used.
Check Content
Check the SSH daemon configuration for the MaxSessions setting.

# grep -i MaxSessions /etc/ssh/sshd_config | grep -v '^#'

If the setting is not present, or not set to 1, this is a finding.
Fix Text
Edit the SSH daemon configuration and add or edit the MaxSessions setting value to 1.
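
A stricter form of the check above, as an added example that is not part of the STIG text. The `grep -v '^#'` filter lets an indented comment such as `  #MaxSessions 1` through, so this version strips leading whitespace, accepts the `Keyword=value` form, and reports only the first active value in the global section (sshd uses the first value it reads for a keyword, and lines after a `Match` apply conditionally). The helper name `check_maxsessions` and the sample config are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not part of the STIG text): audit MaxSessions for GEN005533.
# check_maxsessions is a hypothetical helper name.
# Exit status: 0 = compliant, 1 = finding, 2 = config unreadable.
check_maxsessions() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
    # Print the first active global MaxSessions value, if any.
    value=$(awk '
        { sub(/^[ \t]+/, "") }                  # ignore leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" form
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "maxsessions" { print $2; exit }  # first value wins
    ' "$cfg")
    if [ -z "$value" ]; then
        echo "FINDING: MaxSessions is not set in $cfg"; return 1
    elif [ "$value" = "1" ]; then
        echo "OK: MaxSessions is 1 in $cfg"; return 0
    fi
    echo "FINDING: MaxSessions is $value in $cfg (expected 1)"; return 1
}

# Constructed sample config: the value 1 is commented out behind leading
# whitespace, and the active setting is 10.
sample=$(mktemp)
printf '%s\n' 'Protocol 2' '  #MaxSessions 1' 'maxsessions 10' > "$sample"
check_maxsessions "$sample" || true   # prints the FINDING line for value 10
rm -f "$sample"
```
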
Additional Identifiers
Rule ID: SV-26776r1_rule
Vulnerability ID: V-22482
Group Title: GEN005533
CCIs

| Number | Definition |
|---|---|
| CCI-000054 | Limit the number of concurrent sessions for each organization-defined account and/or account type to an organization-defined number. |

Controls

| Number | Title |
|---|---|
| AC-10 | Concurrent Session Control |