Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69237 | ZSSH0050 | SV-83859r1_rule | | Medium |
Description |
---|
The use of SAF Key Rings for key storage enforces organizational access control policies and assures the protection of cryptographic keys in storage. |
STIG | Date |
---|---|
z/OS ACF2 STIG | 2018-04-04 |
Check Text ( C-70111r1_chk ) |
---|
Locate the SSH daemon configuration file. It may be found in the /etc/ssh/ directory.

Alternately: from the UNIX System Services ISPF Shell, navigate to the ribbon and select Tools, then select option 1 - Work with Processes. If the SSH daemon is not active, there is no finding.

Examine the file. Ensure the following are either not coded or commented out:

    #HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    #HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

Locate the z/OS-specific sshd server system-wide configuration file, zos_sshd_config. It may be found in the /etc/ssh/ directory. Ensure that a HostKeyRingLabel line is coded and not commented out.

If either of the above is not true, this is a finding. |
Fix Text (F-75867r1_fix) |
---|
Configure the SSH daemon configuration file so that the following statements are either not coded or are commented out:

    #HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    #HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

Configure zos_sshd_config with the HostKeyRingLabel statement. Example:

    HostKeyRingLabel="SSHDAEM/SSHDring my label" |
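The two file checks from the Check Text can be scripted for the z/OS UNIX shell. The following is an added example, not part of the STIG: the function names are hypothetical, the default file name /etc/ssh/sshd_config is an assumption (the STIG names only the directory), and the "is the SSH daemon active" step is not covered.

```shell
#!/bin/sh
# Added example (not STIG text): file checks for ZSSH0050.

# Return 0 if FILE ($1) has an uncommented directive KEYWORD ($2).
# Keywords are matched case-insensitively and whole, so "HostKey" does not
# match "HostKeyRingLabel"; both "Keyword value" and "Keyword=value" count.
has_active_directive() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ || line == "" { next }
        { split(line, parts, /[ \t=]+/)
          if (tolower(parts[1]) == kw) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Return 0 when compliant, 1 on a finding, 2 if a file cannot be read.
check_zssh0050() {
    sshd_config=${1:-/etc/ssh/sshd_config}      # assumed default name
    zos_config=${2:-/etc/ssh/zos_sshd_config}
    for f in "$sshd_config" "$zos_config"; do
        [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 2; }
    done
    rc=0
    # Any active HostKey line means a host key is kept in a UNIX file.
    if has_active_directive "$sshd_config" HostKey; then
        echo "FINDING: active HostKey line in $sshd_config"
        rc=1
    fi
    # The host key must instead come from a SAF key ring.
    if ! has_active_directive "$zos_config" HostKeyRingLabel; then
        echo "FINDING: no active HostKeyRingLabel line in $zos_config"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ZSSH0050: not a finding"
    return "$rc"
}
```

Source the file and call `check_zssh0050` with no arguments to use the default paths, or pass the two configuration file paths explicitly.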