Information
The Banner parameter specifies a file whose contents must be sent to the remote user before authentication is permitted. By default, no banner is displayed.
More information about the OpenSSH server configuration is available in the "Configure SSH Server" section overview.
Banners are used to warn connecting users of the particular site's policy regarding connection. Presenting a warning message prior to the normal user login may assist the prosecution of trespassers on the computer system.
Not having a properly configured SSH banner, or leaving it at the default value, can expose an organization to legal and compliance risks by failing to provide users with necessary access policies or warnings about unauthorized access. It may violate regulations requiring user acknowledgment of system usage rules, reduce security awareness, and leave systems vulnerable to malicious or unintended access.
Solution
- Edit the /etc/ssh/sshd_config file to set the Banner parameter above any Match entries as follows:
Banner /etc/issue.net
- Edit the file named by the Banner argument so that it carries the appropriate contents for your site policy, and remove any instances of \m, \r, \s, \v or references to the OS platform.
Example:
# printf '%s\n' "Authorized users only. All activity may be monitored and reported." > "$(sshd -T | awk '$1 == "banner" {print $2}')"
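To confirm the result of both steps, the following added example (not part of the benchmark text) checks that a Banner is set above the first Match entry and that the banner file has no \m, \r, \s, \v escapes or OS platform name. The function name `audit_banner` and the default OS string (ID from /etc/os-release) are assumptions; it reads a config file with whitespace-separated keywords so it can be run on test copies, while `sshd -T` remains the authoritative view on a live host.

```shell
#!/bin/sh
# Added example. Usage: audit_banner /etc/ssh/sshd_config [os-name]
# Returns 0 when compliant, 1 otherwise; findings are printed.
audit_banner() {
    cfg=$1
    # Assumption: the platform string to look for defaults to ID in os-release.
    os=${2:-$([ -r /etc/os-release ] && . /etc/os-release; printf '%s' "${ID:-}")}
    rc=0

    # Take the first Banner keyword that appears before any Match block.
    # Keywords are case-insensitive; commented lines do not match.
    banner=$(awk 'tolower($1) == "match"  { exit }
                  tolower($1) == "banner" { print $2; exit }' "$cfg")

    if [ -z "$banner" ] || [ "$banner" = "none" ]; then
        echo "FAIL: no Banner set above the first Match entry in $cfg"
        return 1
    fi
    if [ ! -r "$banner" ]; then
        echo "FAIL: banner file $banner is missing or unreadable"
        return 1
    fi
    if [ ! -s "$banner" ]; then
        echo "FAIL: $banner is empty"
        rc=1
    fi
    # Literal backslash followed by m, r, s or v (issue-file escapes).
    if grep -Eq '\\[mrsv]' "$banner"; then
        echo "FAIL: $banner contains an issue-file escape sequence"
        rc=1
    fi
    # Case-insensitive fixed-string search for the platform name.
    if [ -n "$os" ] && grep -Fqi -- "$os" "$banner"; then
        echo "FAIL: $banner references the OS platform ($os)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS: $banner"
    fi
    return "$rc"
}
```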