Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-69229 | ZSSH0010 | SV-83851r1_rule | High |
Description |
---|
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system. |
STIG | Date |
---|---|
z/OS TSS STIG | 2018-12-20 |
Check Text ( C-70035r1_chk ) |
---|
Locate the SSH daemon configuration file. May be found in /etc/ssh/ directory. Alternately: From UNIX System Services ISPF Shell navigate to ribbon select tools. Select option 1 - Work with Processes. If SSH Daemon is not active there is no finding. Examine SSH daemon configuration file. If the variables 'Protocol 2,1’ or ‘Protocol 1’ are defined on a line without a leading comment, this is a finding. |
Fix Text (F-75791r1_fix) |
---|
Edit the sshd_config file and set the "Protocol" setting to "2". |