UCF STIG Viewer Logo

The AIX SSH server must use SSH Protocol 2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215289 AIX7-00-002104 SV-215289r508663_rule Medium
Description
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. Remote access is access to DoD nonpublic information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network. Remote access methods include, for example, dial-up, broadband, and wireless. Encryption provides a means to secure the remote connection to prevent unauthorized access to the data traversing the remote access connection (e.g., RDP), thereby providing a degree of confidentiality. The encryption strength of a mechanism is selected based on the security categorization of the information.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2022-06-06

Details

Check Text ( C-16487r294318_chk )
From the command prompt, run the following command:
# grep ^Protocol /etc/ssh/sshd_config

The above command should yield the following output:
Protocol 2

If the above command does not show the ssh server supporting "Protocol 2" only, this is a finding.
Fix Text (F-16485r294319_fix)
Add or edit the following line in the "/etc/ssh/sshd_config" file to support "Protocol 2" only:
Protocol 2

Save the change to /etc/ssh/sshd_config

Restart ssh daemon:
# stopsrc -s sshd
# startsrc -s sshd