UCF STIG Viewer Logo

The Photon operating system must configure sshd with a specific ListenAddress.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239126 PHTN-67-000055 SV-239126r675186_rule Medium
Description
Without specifying a ListenAddress, sshd will listen on all interfaces. In situations with multiple interfaces, this may not be intended behavior and could lead to offering remote access on an unapproved network.
STIG Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide 2022-06-17

Details

Check Text ( C-42337r675184_chk )
At the command line, execute the following command:

# sshd -T|&grep -i ListenAddress

If the ListenAddress is not configured to the VCSA management IP, this is a finding.
Fix Text (F-42296r675185_fix)
Open /etc/ssh/sshd_config with a text editor.

Ensure that the "ListenAddress" line is uncommented and set to a valid local IP:

Example:

ListenAddress 169.254.1.2

Replace "169.254.1.2" with the management address of the VCSA.

At the command line, execute the following command:

# service sshd reload