Login Grace Time must be securely configured in /etc/sshd_config.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25274 | OSX00170 M6 | SV-38526r1_rule | ECSC-1 | Low |
| Description |
|---|
| This setting controls the time allowed to authenticate over an ssh connection. It is recommended the value be set to 30 seconds or less. By allowing a connection to stay open for longer periods of time could allow an attacker to take advantage of the port. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Details
| Check Text ( C-37739r1_chk ) |
|---|
| Open a terminal session and enter the following command. more /etc/sshd_config Ensure the value "LoginGraceTime" is set to 30 or less. If the value "LoginGraceTime" is not set to 30 or less, this is a finding. NOTE: If the value is set to "0", this is a finding. |
| Fix Text (F-32983r1_fix) |
|---|
| Open a terminal session and enter the following command. sudo pico /etc/sshd_config Edit the value "LoginGraceTime" and set it to "30". Save the file. |