UCF STIG Viewer Logo

The Red Hat Enterprise Linux operating system must be configured so that the SSH daemon performs strict mode checking of home directory configuration files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-204600 RHEL-07-040450 SV-204600r603261_rule Medium
Description
If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.
STIG Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide 2022-09-12

Details

Check Text ( C-4724r88992_chk )
Verify the SSH daemon performs strict mode checking of home directory configuration files.

The location of the "sshd_config" file may vary if a different daemon is in use.

Inspect the "sshd_config" file with the following command:

# grep -i strictmodes /etc/ssh/sshd_config

StrictModes yes

If "StrictModes" is set to "no", is missing, or the returned line is commented out, this is a finding.
Fix Text (F-4724r88993_fix)
Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor) and set the value to "yes":

StrictModes yes

The SSH service must be restarted for changes to take effect.