Detections
Analytics
GEN005501 - The SSH client must be configured to only use the SSHv2 protocol.
Information
SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH client could provide access to the system with the privileges of the user running the client.Solution
Edit the /etc/ssh/ssh_config file and add or edit a 'Protocol' configuration line not allowing versions less than 2.See Also
http://iasecontent.disa.mil/stigs/zip/U_RedHat_5_V1R18_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-17(8), CAT|II, CCI|CCI-001436, Group-ID|V-22456, Rule-ID|SV-37820r1_rule, STIG-ID|GEN005501, Vuln-ID|V-22456
Plugin: Unix
Control ID: 294b9255d8b80a5d7e35777138aff4dc52d3ad66fe3086862869a94c75e23b83