UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The SSH daemon must limit connections to a single session.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22482 GEN005533 SV-26776r1_rule ECSC-1 Low
Description
The SSH protocol has the ability to provide multiple sessions over a single connection without reauthentication. A compromised client could use this feature to establish additional sessions to a system without consent or knowledge of the user. Alternate per-connection session limits may be documented if needed for a valid mission requirement. Greater limits are expected to be necessary in situations where TCP or X11 forwarding are used.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-27784r1_chk )
Check the SSH daemon configuration for the MaxSessions setting.
# grep -i MaxSessions /etc/ssh/sshd_config | grep -v '^#'
If the setting is not present, or not set to 1, this is a finding.
Fix Text (F-24026r1_fix)
Edit the SSH daemon configuration and add or edit the MaxSessions setting value to 1.