5.1.24 Ensure sshd private key files have a passcode

Information

A private key is a file that helps to enable secure connections through encryption.

The operating system's certificate-based authentication must enforce authorized access to the corresponding private key.

If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Run the following command to create a new private and public key pair that utilizes a passcode:

# ssh-keygen -n <passphrase>

See Also

https://workbench.cisecurity.org/benchmarks/19886

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, 800-53|IA-5(2), CSCv7|14.6

Plugin: Unix

Control ID: b5d612cbcbde8827eeb70cfe0d78c641b08b3085defe3db9f210c067b209fb83