STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SSH daemon must be configured to use only the SSHv2 protocol.

DISA Rule

SV-219560r603263_rule

Vulnerability Number

V-219560

Group Title

SRG-OS-000074

Rule Version

OL6-00-000227

Severity

CAT I

CCI(s)

CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

Fix Recommendation

Only SSH protocol version 2 connections should be permitted. The default setting in "/etc/ssh/sshd_config" is correct, and can be verified by ensuring that the following line appears:

Protocol 2

Check Contents

To check which SSH protocol version is allowed, run the following command:

# grep Protocol /etc/ssh/sshd_config

If configured properly, output should be

Protocol 2

If it is not, this is a finding.

Vulnerability Number

V-219560

Documentable

False

Rule Version

OL6-00-000227

Severity Override Guidance

Check Content Reference

Target Key

2928

The SSH daemon must be configured to use only the SSHv2 protocol.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments