STIGQter: STIG Summary: VMware ESX 3 Server Version: 1 Release: 2 Benchmark Date: 22 Jul 2016: The SSH daemon must be configured to only use the SSHv2 protocol.

DISA Rule

SV-4295r2_rule

Vulnerability Number

V-4295

Group Title

GEN005500

Rule Version

GEN005500

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Edit the configuration file and modify the Protocol line.

Protocol 2

Restart sshd:

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Check Contents

Examine the sshd configuration file.
cat /opt/ssh/etc/sshd_config | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v '^#' | grep -i "Protocol"

If Protocol 2,1 or Protocol 1 are defined on a line without a leading comment, this is a finding.

Vulnerability Number

V-4295

Documentable

False

Rule Version

GEN005500

Severity Override Guidance

Examine the sshd configuration file.
cat /opt/ssh/etc/sshd_config | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v '^#' | grep -i "Protocol"

If Protocol 2,1 or Protocol 1 are defined on a line without a leading comment, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

1386

Comments