UCF STIG Viewer Logo

The SSH daemon must be configured to only use the SSHv2 protocol.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69229 ZSSH0010 SV-83851r1_rule High
Description
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.
STIG Date
z/OS ACF2 STIG 2019-12-12

Details

Check Text ( C-70035r1_chk )
Locate the SSH daemon configuration file.
May be found in /etc/ssh/ directory.
Alternately:
From UNIX System Services ISPF Shell navigate to ribbon select tools.
Select option 1 - Work with Processes.

If SSH Daemon is not active there is no finding.

Examine SSH daemon configuration file. If the variables 'Protocol 2,1’ or ‘Protocol 1’ are defined on a line without a leading comment, this is a finding.
Fix Text (F-75791r1_fix)
Edit the sshd_config file and set the "Protocol" setting to "2".