RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-230230	RHEL-08-010100	SV-230230r1069287_rule		Medium

Description

If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.

STIG	Date
Red Hat Enterprise Linux 8 Security Technical Implementation Guide	2025-03-26

Details

Check Text (C-32899r1069182_chk)

Verify the SSH private key files have a passcode.

For each private key stored on the system, use the following command:

$ sudo ssh-keygen -y -f /path/to/file
Enter passphrase:

If the contents of the key are displayed, this is a finding.

Fix Text (F-32874r1069183_fix)

Create a new private and public key pair that utilizes a passcode with the following command:

$ sudo ssh-keygen -p -f /path/to/file

STIG VIEWER