Check: ESXI-65-000011
VMware vSphere 6.5 ESXi STIG:
ESXI-65-000011
(in versions v2 r4 through v1 r1)
Title
The ESXi host SSH daemon must be configured to use only the SSHv2 protocol. (Cat I impact)
Discussion
SSH protocol version 1 suffers from design flaws that result in security vulnerabilities and should not be used. Only SSH protocol version 2 connections should be permitted.
Check Content
From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

    # grep -i "^Protocol" /etc/ssh/sshd_config

If there is no output or the output is not exactly "Protocol 2", this is a finding.
Fix Text
From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

    Protocol 2
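The Check Content test as a script, added here as an example and not part of the STIG. The function names `check_sshd_protocol` and `run_samples` and the sample file contents are constructed for illustration; the comparison follows the check's wording that the output must be exactly "Protocol 2".

```shell
#!/bin/sh
# Added example (not part of the STIG). Returns 0 = not a finding, 1 = finding.
check_sshd_protocol() {
    cfg="${1:-/etc/ssh/sshd_config}"
    [ -r "$cfg" ] || { echo "FINDING: cannot read $cfg"; return 1; }
    # Same command as the Check Content; "|| true" keeps "no match" from
    # aborting callers that run under "set -e".
    out=$(grep -i "^Protocol" "$cfg" || true)
    if [ -z "$out" ]; then
        echo "FINDING: no active Protocol line in $cfg"
        return 1
    fi
    # Exact string comparison, per the check: rejects "Protocol 2,1",
    # "Protocol 1", different case, trailing whitespace, and more than
    # one Protocol line.
    if [ "$out" = "Protocol 2" ]; then
        echo "OK: $cfg contains exactly 'Protocol 2'"
        return 0
    fi
    echo "FINDING: $cfg has: $(printf '%s' "$out" | tr '\n' ';')"
    return 1
}

# Constructed sample configs (hypothetical contents), exercised offline.
run_samples() {
    dir=$(mktemp -d) || return 2
    printf 'Port 22\nProtocol 2\n'    > "$dir/good"
    printf 'Port 22\nProtocol 2,1\n'  > "$dir/fallback"
    printf 'Port 22\n#Protocol 2\n'   > "$dir/commented"
    printf 'Protocol 2\nProtocol 1\n' > "$dir/duplicate"
    findings=0
    for f in good fallback commented duplicate; do
        check_sshd_protocol "$dir/$f" || findings=$((findings + 1))
    done
    rm -rf "$dir"
    echo "findings: $findings of 4"
    # Only the "good" sample passes; the other three are findings.
    [ "$findings" -eq 3 ]
}

run_samples
```

Called with no argument, `check_sshd_protocol` reads "/etc/ssh/sshd_config", so the exit status can drive a compliance report directly.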
Additional Identifiers
Rule ID: SV-207612r378610_rule
Vulnerability ID: V-207612
Group Title: SRG-OS-000033-VMM-000140
CCIs
Number | Definition |
---|---|
CCI-000068 | The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
Number | Title |
---|---|
AC-17 (2) | Protection Of Confidentiality / Integrity Using Encryption |