Detections
Analytics
GEN005501 - The SSH client must be configured to only use the SSHv2 protocol.
Information
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH client could provide access to the system with the privileges of the user running the client.Solution
Edit the /etc/ssh/ssh_config file and add or edit a Protocol configuration line that does not allow versions less than 2.See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7, CAT|II, CCI|CCI-001436, Rule-ID|SV-39209r1_rule, STIG-ID|GEN005501, Vuln-ID|V-22456
Plugin: Unix
Control ID: 170f00693f1d2fb68c6dce003a861983ab901cf682dd9f83983397d27103ace0