UCF STIG Viewer Logo

The SSH private host key files must have mode 0600 or less permissive.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22472 GEN005523 SV-26765r1_rule ECLP-1 Medium
Description
If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-27774r1_chk )
Check the permissions for SSH private host key files.
# ls -lL /etc/ssh/*key
If any file has a mode more permissive than 0600, this is a finding.
Fix Text (F-24015r1_fix)
Change the permissions for the SSH private host key files.
# chmod 0600 /etc/ssh/*key