Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
AIX must setup SSH daemon to disable revoked public keys.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-215293 | AIX7-00-002110 | SV-215293r508663_rule | Medium |
| Description |
|---|
| Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates). |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2020-09-11 |
Details
| Check Text ( C-16491r294330_chk ) |
|---|
| If public keys are not used for SSH authentication, this is Not Applicable. Run the following command: # grep "^RevokedKeys" /etc/ssh/sshd_config RevokedKeys /etc/ssh/RevokedKeys.txt If the command does not find the "RevokedKeys" setting, or the value for "RevokedKeys" is set to "none", this is a finding. |
| Fix Text (F-16489r294331_fix) |
|---|
| Obtain the file that contains all the public keys that need to be revoked from ISSO/SA and save the file in /etc/ssh/ directory. Edit the "/etc/ssh/sshd_config" file to allow "RevokedKeys" to point to the revoked key file obtained above. Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd |