UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SSH daemon must limit connections to a single session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22482 GEN005533 SV-46097r1_rule Low
Description
The SSH protocol has the ability to provide multiple sessions over a single connection without reauthentication. A compromised client could use this feature to establish additional sessions to a system without consent or knowledge of the user. Alternate per-connection session limits may be documented if needed for a valid mission requirement. Greater limits are expected to be necessary in situations where TCP or X11 forwarding are used.
STIG Date
SUSE Linux Enterprise Server v11 for System z 2016-12-20

Details

Check Text ( C-43354r1_chk )
Check the SSH daemon configuration for the MaxSessions setting.
# grep -i MaxSessions /etc/ssh/sshd_config | grep -v '^#'
If the setting is not present, or not set to "1", this is a finding.
Fix Text (F-39441r1_fix)
Edit the SSH daemon configuration and add or edit the "MaxSessions" setting value to "1".