Check: ZSSH0010
zOS RACF STIG:
ZSSH0010
(in versions v6 r43 through v6 r30)
Title
The SSH daemon must be configured to only use the SSHv2 protocol. (Cat I impact)
Discussion
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
Check Content
Locate the SSH daemon configuration file. It may be found in the /etc/ssh/ directory.

Alternatively: from the UNIX System Services ISPF Shell, navigate to the ribbon and select Tools, then select option 1 - Work with Processes. If the SSH daemon is not active, there is no finding.

Examine the SSH daemon configuration file. If the variables 'Protocol 2,1' or 'Protocol 1' are defined on a line without a leading comment, this is a finding.
Fix Text
Edit the sshd_config file and set the "Protocol" setting to "2".
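The file examination described under Check Content can be scripted. The following is an added example, not part of the STIG text: the function name `check_sshd_protocol` and its exit codes are assumptions of this example, and it goes slightly beyond the two literal strings in the check by matching the keyword case-insensitively and flagging any active Protocol line whose version list includes 1.

```shell
#!/bin/sh
# Added example for ZSSH0010; function name and exit codes are assumptions.
#   0 = no active Protocol line enables SSHv1 (no finding)
#   1 = an active Protocol line lists version 1 (finding)
#   2 = configuration file cannot be read
check_sshd_protocol() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)                    # drop leading whitespace
        if (line == "" || line ~ /^#/) next         # blank or commented out
        if (tolower(line) !~ /^protocol[ \t=]/) next
        val = substr(line, 9)                       # text after the keyword
        sub(/[ \t]#.*$/, "", val)                   # drop a trailing comment
        gsub(/[ \t="]/, "", val)                    # keep only the version list
        n = split(val, v, ",")
        for (i = 1; i <= n; i++)
            if (v[i] == "1") {                      # SSHv1 is enabled
                printf "%s:%d: %s\n", FILENAME, NR, $0
                bad = 1
                break
            }
    }
    END { exit bad + 0 }' "$cfg"
}

# Constructed sample files, not taken from a real system.
demo=$(mktemp -d)
printf '%s\n' '# Protocol 2,1' 'Port 22' 'Protocol 2' > "$demo/compliant"
printf '%s\n' 'Port 22' '  protocol 2,1'              > "$demo/finding"
for f in compliant finding; do
    if check_sshd_protocol "$demo/$f"; then
        echo "$f: no finding"
    else
        echo "$f: FINDING (set Protocol to 2)"
    fi
done
rm -rf "$demo"
```

The script only inspects the file; whether the daemon is active still has to be confirmed as described in the check.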
Additional Identifiers
Rule ID: SV-83851r1_rule
Vulnerability ID: V-69229
Group Title: ZSSH0010
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |