If AIX SSH daemon is required, the SSH daemon must only listen on the approved listening IP addresses.


Overview

Finding ID: V-91773
Version: AIX7-00-002124
Rule ID: SV-101871r1_rule
IA Controls:
Severity: Medium
Description
The SSH daemon should only listen on the approved listening IP addresses. Otherwise the SSH service could be subject to unauthorized access.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2019-04-29

Details

Check Text ( C-90927r3_chk )
From the command prompt, run the following command to check if "ListenAddress" is defined in the SSH config file:

# grep -i ListenAddress /etc/ssh/sshd_config | grep -v '^#'
ListenAddress 10.17.76.74

If no configuration is returned, or if a returned listen configuration contains addresses not permitted, this is a finding.
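
The check above as a script that compares every active "ListenAddress" entry with an approved list. This is an added example, not part of the STIG text. The function name check_listen_addresses, the sample config and the address 192.0.2.10 are constructed for illustration, and entries are compared as exact strings.

```shell
#!/bin/sh
# Added example (not STIG text): audit the active ListenAddress entries of an
# sshd_config against an approved list. Entries are compared as exact strings,
# so an entry written with a port must be approved with that port.

# check_listen_addresses CONFIG APPROVED...   (hypothetical helper name)
# Returns 0 when every active entry is approved, non-zero on a finding.
check_listen_addresses() {
    config=$1; shift
    awk -v ok=" $* " '
        # The keyword may be followed by "=" instead of whitespace.
        { sub(/=/, " ") }
        # Commented lines have "#" in the first field and never match.
        tolower($1) == "listenaddress" {
            n++
            if ($2 != "" && index(ok, " " $2 " ")) {
                print "OK: " $2
            } else {
                print "FINDING: " $2 " is not an approved listening address"
                bad = 1
            }
        }
        END {
            # Without ListenAddress, sshd listens on all local addresses.
            if (!n) { print "FINDING: no ListenAddress defined"; bad = 1 }
            exit bad + 0
        }
    ' "$config"
}

# Constructed sample config: one commented entry, one approved entry, and
# one indented lower-case entry that is not on the approved list.
sample="${TMPDIR:-/tmp}/sshd_config.sample.$$"
cat > "$sample" <<'EOF'
#ListenAddress 0.0.0.0
ListenAddress 10.17.76.74
  listenaddress 192.0.2.10
EOF
check_listen_addresses "$sample" 10.17.76.74 || echo "Result: finding"
rm -f "$sample"
```

On a live system, pass /etc/ssh/sshd_config as the first argument, followed by the site's approved addresses.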
Fix Text (F-97971r1_fix)
Edit the SSH daemon config file and add/modify the "ListenAddress" network addresses:
# vi /etc/ssh/sshd_config

Restart SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd