Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72251 | RHEL-07-040390 | SV-86875r2_rule | | High |
Description |
---|
SSHv1 is an insecure implementation of the SSH protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system. Satisfies: SRG-OS-000074-GPOS-00042, SRG-OS-000480-GPOS-00227 |
STIG | Date |
---|---|
Red Hat Enterprise Linux 7 Security Technical Implementation Guide | 2017-07-08 |
Check Text (C-72485r1_chk) |
---|
Verify the SSH daemon is configured to only use the SSHv2 protocol. Check that the SSH daemon is configured to only use the SSHv2 protocol with the following command: `# grep -i protocol /etc/ssh/sshd_config` `Protocol 2` `#Protocol 1,2` If any protocol line other than "Protocol 2" is uncommented, this is a finding. |
Fix Text (F-78605r2_fix) |
---|
Remove all Protocol lines that reference version "1" in "/etc/ssh/sshd_config" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor). The "Protocol" line must be as follows: `Protocol 2` The SSH service must be restarted for changes to take effect. |
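
The Check Text rule as a scriptable audit, added here as an example (it is not part of the STIG or of any vendor tool): it flags every uncommented Protocol line whose value is not exactly "2", including indented, differently cased or `keyword=value` forms that are easy to misread in raw grep output. The function name, the status words and the separate "no active Protocol line" status are assumptions of this example; the Check Text does not define that last case.

```shell
#!/bin/sh
# Added example, not STIG-provided code. audit_sshd_protocol is a hypothetical helper.
# Usage: audit_sshd_protocol [FILE]   (FILE "-" reads standard input)
# Prints one status word and returns:
#   0 COMPLIANT         every active Protocol line is exactly "Protocol 2"
#   1 FINDING           an active Protocol line is anything else (offenders on stderr)
#   2 NO_PROTOCOL_LINE  no uncommented Protocol line (not defined by the Check Text)
audit_sshd_protocol() {
    awk '
        {
            line = $0
            sub(/\r$/, "", line)                  # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)              # leading whitespace is not significant
            if (line == "" || line ~ /^#/) next   # skip blank and commented lines
            n = split(line, f, /[ \t=]+/)         # keyword, then value(s)
            if (tolower(f[1]) != "protocol") next # keyword match is case-insensitive
            active++
            value = ""
            for (i = 2; i <= n; i++) value = value f[i]
            if (value != "2") {
                bad++
                printf "line %d: %s\n", NR, line > "/dev/stderr"
            }
        }
        END {
            if (bad)     { print "FINDING"; exit 1 }
            if (!active) { print "NO_PROTOCOL_LINE"; exit 2 }
            print "COMPLIANT"; exit 0
        }
    ' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample: the grep output shown in the Check Text.
sample_ok() { printf 'Protocol 2\n#Protocol 1,2\n'; }

# Constructed sample: "Protocol 2" commented out, SSHv1 fallback active.
sample_bad() { printf '#Protocol 2\n  protocol 2,1\n'; }

sample_ok  | audit_sshd_protocol -           # prints COMPLIANT
sample_bad | audit_sshd_protocol - || true   # prints FINDING, offending line on stderr
```

Run it against the real file with `audit_sshd_protocol /etc/ssh/sshd_config` before and after applying the Fix Text; the return code can gate a compliance job.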