Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-230287 | RHEL-08-010490 | SV-230287r627750_rule | Medium |
Description |
---|
If an unauthorized user obtains the private SSH host key file, the host could be impersonated. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 8 Security Technical Implementation Guide | 2021-03-04 |
Check Text ( C-32956r567607_chk ) |
---|
Verify the SSH private host key files have mode "0640" or less permissive with the following command: $ sudo ls -l /etc/ssh/ssh_host*key -rw------- 1 root ssh_keys 668 Nov 28 06:43 ssh_host_dsa_key -rw------- 1 root ssh_keys 582 Nov 28 06:43 ssh_host_key -rw------- 1 root ssh_keys 887 Nov 28 06:43 ssh_host_rsa_key If any private host key file has a mode more permissive than "0640", this is a finding. |
Fix Text (F-32931r567608_fix) |
---|
Configure the mode of SSH private host key files under "/etc/ssh" to "0640" with the following command: $ sudo chmod 0640 /etc/ssh/ssh_host*key The SSH daemon must be restarted for the changes to take effect. To restart the SSH daemon, run the following command: $ sudo systemctl restart sshd.service |