5.2.3 Ensure access to SSH public host key files is configured

Information

An SSH public key is one of the two files that make up an SSH key pair used for public key authentication. The public key is used to verify digital signatures produced with the corresponding private key, so only a party holding the private key that matches a given public key can authenticate successfully against it.

If a public host key file is modified by an unauthorized user, the SSH service may be compromised.

Solution

Update the access on the public host key files used by the OpenSSH server:

- mode to 0644.
- owner to the user root.
- group owner to the group root.

Run the following script to update the access on the public host key files used by the OpenSSH server:

#!/usr/bin/env bash

{
    # Resolve the sshd and ssh-keygen binaries (their location varies by distribution).
    l_sshd_cmd="$(readlink -e /usr/sbin/sshd || readlink -e /sbin/sshd)"
    l_keygen="$(readlink -e /usr/bin/ssh-keygen || readlink -e /bin/ssh-keygen)"
    # "sshd -T" prints the effective configuration (run as root); each "hostkey"
    # line names a private host key, and the public key is that path plus ".pub".
    while IFS= read -r l_file; do
        # Only touch files that ssh-keygen recognises as a valid public key.
        if "$l_keygen" -lf "$l_file" &>/dev/null; then
            chown root:root "$l_file"
            chmod 0644 "$l_file"
        fi
    done < <("$l_sshd_cmd" -T | awk '$1=="hostkey" {print $2".pub"}' 2>/dev/null)
}
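The remediation above sets the permissions; the audit side, an added example written for this page and not part of the CIS benchmark or OpenSSH, enumerates the same public host key files and reports any whose mode, owner or group owner deviate from the control. It assumes a Linux host with GNU stat and readlink, and that sshd -T is run as root; the mode check accepts 0644 or more restrictive, since the point of the control is that no unauthorized user can modify the file.

```shell
#!/usr/bin/env bash
# Audit counterpart to the remediation script: constructed example, not from
# the CIS benchmark. Assumes GNU stat/readlink and root for "sshd -T".

# Return 0 when mode/owner/group satisfy the control, 1 otherwise.
# Mode: 0644 or more restrictive (no bit outside rw-r--r-- may be set,
# so group/world write and setuid/setgid/sticky bits all fail).
# Owner and group owner must both be root.
check_hostkey_perms() {
    mode="$1" owner="$2" group="$3"
    # "0$mode" forces octal interpretation of stat's "%a" output (e.g. 644).
    [ $(( 0$mode & ~0644 )) -eq 0 ] || return 1
    [ "$owner" = "root" ] || return 1
    [ "$group" = "root" ] || return 1
}

# Check one file: print a verdict line and return 0 (compliant) or 1.
audit_hostkey_file() {
    f="$1"
    [ -f "$f" ] || { printf 'MISSING %s\n' "$f"; return 1; }
    set -- $(stat -c '%a %U %G' "$f")   # -> mode owner group
    if check_hostkey_perms "$1" "$2" "$3"; then
        printf 'OK   %s (%s %s:%s)\n' "$f" "$1" "$2" "$3"
    else
        printf 'FAIL %s (%s %s:%s, expected 0644 root:root)\n' "$f" "$1" "$2" "$3"
        return 1
    fi
}

# Enumerate the public key for each HostKey in the effective sshd config,
# as the remediation script does, and audit each. Returns 1 if any file
# fails, 2 if sshd cannot be found. Host key paths are assumed to contain
# no whitespace, so a plain for loop over the command output is sufficient.
audit_all_hostkeys() {
    rc=0
    sshd_cmd="$(readlink -e /usr/sbin/sshd || readlink -e /sbin/sshd)"
    [ -n "$sshd_cmd" ] || { echo "sshd binary not found" >&2; return 2; }
    for f in $("$sshd_cmd" -T 2>/dev/null | awk '$1=="hostkey" {print $2".pub"}'); do
        audit_hostkey_file "$f" || rc=1
    done
    return "$rc"
}
```

Run `audit_all_hostkeys` as root; a non-zero exit means at least one host public key file needs the remediation above.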

See Also

https://workbench.cisecurity.org/benchmarks/25279

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|5.1

Plugin: Unix

Control ID: 88b3f804448a4cb47ef69dd2a3cc5f243b46e5e738a3d9c1d76d82bcb31441e2