UCF STIG Viewer Logo

The SSH private host key files must have mode 0600 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-226994 GEN005523 SV-226994r603265_rule Medium
Description
If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
STIG Date
Solaris 10 SPARC Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-29156r485321_chk )
Check the permissions for SSH private host key files.
# ls -lL /etc/ssh/*key
If any file has a mode more permissive than 0600, this is a finding.
Fix Text (F-29144r485322_fix)
Change the permissions for the SSH private host key files.
# chmod 0600 /etc/ssh/*key