Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-22470 | GEN005521 | SV-37843r2_rule | Medium |
Description |
---|
Restricting SSH logins to a limited group of users, such as system administrators, prevents password-guessing and other SSH attacks from reaching system accounts and other accounts not authorized for SSH access. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2017-01-27 |
Check Text ( None ) |
---|
None |
Fix Text (F-32309r2_fix) |
---|
Edit the SSH daemon configuration and add an "AllowGroups" or "AllowUsers" directive specifying the groups and users allowed to have access. Restart the SSH daemon. # /sbin/service sshd restart Alternatively, modify the /etc/pam.d/sshd file to include the line account required pam_access.so accessfile= If the "accessfile" option is not specified the default "access.conf" file will be used. The "access.conf" file must contain the user restriction definitions. |