UCF STIG Viewer Logo

The SSH daemon must be configured to only use the SSHv2 protocol.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4295 GEN005500 SV-39817r1_rule DCPP-1 ECSC-1 High
Description
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
STIG Date
SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2015-10-01

Details

Check Text ( C-38688r1_chk )
Check the SSH daemon configuration for allowed protocol versions.

# grep -i protocol /etc/ssh/sshd_config | grep -v '^#'

If the variables Protocol 2,1 or Protocol 1 are defined on a line without a leading comment, this is a finding.
Fix Text (F-34272r1_fix)
Edit the configuration file and modify the Protocol line to look like:

Protocol 2

Reload sshd:
kill -HUP