Detections
Analytics
RHEL-10-700500 - RHEL 10 must be configured so that Secure Shell (SSH) public host key files have mode "0644" or less permissive.
Information
If a public host key file is modified by an unauthorized user, the SSH service may be compromised.Solution
Configure RHEL 10 SSH public host key files to have mode "0644" or less permissive.Change the mode of public host key files under "/etc/ssh" to "0644" with the following command:
$ sudo chmod 0644 /etc/ssh/*key.pub
Restart the SSH daemon with the following command for the changes to take effect:
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: SYSTEM AND INFORMATION INTEGRITY
References: 800-53|SI-6a., CAT|II, CCI|CCI-002696, Rule-ID|SV-281253r1184654_rule, STIG-ID|RHEL-10-700500, Vuln-ID|V-281253
Plugin: Unix
Control ID: 2b7e74e5c20a43f5141f1acf2c5c2454f7af28190e7dc61b573cb1b7637be035