The Photon operating system must use OpenSSH for remote maintenance sessions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239139	PHTN-67-000068	SV-239139r856057_rule		Medium

Description
If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Remote connections must be disconnected and verified as disconnected when nonlocal maintenance sessions have been terminated and are no longer available for use. Satisfies: SRG-OS-000395-GPOS-00175, SRG-OS-000074-GPOS-00042, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058, SRG-OS-000120-GPOS-00061, SRG-OS-000125-GPOS-00065, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190

Description

If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Remote connections must be disconnected and verified as disconnected when nonlocal maintenance sessions have been terminated and are no longer available for use. Satisfies: SRG-OS-000395-GPOS-00175, SRG-OS-000074-GPOS-00042, SRG-OS-000112-GPOS-00057, SRG-OS-000113-GPOS-00058, SRG-OS-000120-GPOS-00061, SRG-OS-000125-GPOS-00065, SRG-OS-000425-GPOS-00189, SRG-OS-000426-GPOS-00190

STIG	Date
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide	2022-09-27

Details

Check Text ( C-42350r675223_chk )
At the command line, execute the following command: # rpm -qa\|grep openssh If there is no output, this is a finding.

Fix Text (F-42309r675224_fix)
Installing openssh manually is not supported by VMware. Revert to a previous backup or redeploy the VCSA.