The SSH daemon must restrict login ability to specific users and/or groups.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22470 | GEN005521 | SV-35052r1_rule | ECLP-1 | Medium |
| Description |
|---|
| Restricting SSH logins to a limited group of users, such as system administrators, prevents password guessing and other SSH attacks from reaching system accounts and other accounts not authorized for SSH access. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2017-01-27 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-30228r1_fix) |
|---|
| Edit the SSH daemon configuration and add the appropriate keyword directive(s) and space-separated user/group names. The keyword order of precedence is as follows: DenyUsers, AllowUsers, DenyGroups, AllowGroups |