Detections
Analytics
GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol.
Information
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.Solution
Edit the configuration file and modify the Protocol line.Protocol 2
Restart sshd:
/sbin/init.d/secsh stop
/sbin/init.d/secsh start
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7, CAT|I, CCI|CCI-001436, Rule-ID|SV-40862r1_rule, STIG-ID|GEN005500, Vuln-ID|V-4295
Plugin: Unix
Control ID: 04f9bc7ff1ee17f363e65c181108f6f2f7d27616793064532f1fe40878dfb9f7