Revision 1.27Oct 24, 2023
Functional Update
- 5.2.10 Ensure SSH PermitUserEnvironment is disabled
- 5.2.11 Ensure SSH IgnoreRhosts is enabled
- 5.2.17 Ensure SSH warning banner is configured
- 5.2.18 Ensure SSH MaxAuthTries is set to 4 or less
- 5.2.19 Ensure SSH MaxStartups is configured
- 5.2.20 Ensure SSH MaxSessions is set to 10 or less
- 5.2.21 Ensure SSH LoginGraceTime is set to one minute or less
- 5.2.4 Ensure SSH access is limited
- 5.2.5 Ensure SSH LogLevel is appropriate
- 5.2.6 Ensure SSH PAM is enabled
- 5.2.7 Ensure SSH root login is disabled
- 5.2.8 Ensure SSH HostbasedAuthentication is disabled
- 5.2.9 Ensure SSH PermitEmptyPasswords is disabled
Added
- 5.2.13 Ensure only strong Ciphers are used
- 5.2.14 Ensure only strong MAC algorithms are used
- 5.2.15 Ensure only strong Key Exchange algorithms are used
- 5.2.22 Ensure SSH Idle Timeout Interval is configured
Removed
- 5.2.13 Ensure only strong Ciphers are used - approved ciphers
- 5.2.13 Ensure only strong Ciphers are used - weak ciphers
- 5.2.14 Ensure only strong MAC algorithms are used - approved MACs
- 5.2.14 Ensure only strong MAC algorithms are used - weak MACs
- 5.2.15 Ensure only strong Key Exchange algorithms are used - approved algorithms
- 5.2.15 Ensure only strong Key Exchange algorithms are used - weak algorithms
- 5.2.22 Ensure SSH Idle Timeout Interval is configured - 'ClientAliveCountMax'
- 5.2.22 Ensure SSH Idle Timeout Interval is configured - 'ClientAliveInterval'
