Detections
Analytics
RHEL-09-255100 - RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.Terminating network connections associated with communications sessions includes, for example, deallocating associated TCP/IP address/port pairs at the operating system level and deallocating networking assignments at the application level if multiple application sessions are using a single operating system-level network connection. This does not mean the operating system terminates all sessions or network access; it only ends the unresponsive session and releases the resources associated with that session.
RHEL 9 utilizes /etc/ssh/sshd_config for configurations of OpenSSH. Within the sshd_config, the product of the values of 'ClientAliveInterval' and 'ClientAliveCountMax' are used to establish the inactivity threshold. The 'ClientAliveInterval' is a timeout interval in seconds, after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The 'ClientAliveCountMax' is the number of client alive messages that may be sent without sshd receiving any messages back from the client. If this threshold is met, sshd will disconnect the client. For more information on these settings and others, refer to the sshd_config man pages.
Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109, SRG-OS-000395-GPOS-00175
Solution
Note: This setting must be applied in conjunction with RHEL-09-255095 to function correctly.Configure the SSH server to terminate a user session automatically after the SSH client has been unresponsive for 10 minutes.
Modify or append the following lines in the '/etc/ssh/sshd_config' file:
ClientAliveInterval 600
In order for the changes to take effect, the SSH daemon must be restarted.
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/U_RHEL_9_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 9 STIG v1r1
References: CAT|II, CCI|CCI-000879, CCI|CCI-001133, CCI|CCI-002361, CCI|CCI-002891, Rule-ID|SV-257996r925975_rule, STIG-ID|RHEL-09-255100, Vuln-ID|V-257996
Plugin: Unix
Control ID: b93398bb8ee1da72858c56580bf0548bf80e3d1023fb74edda7f2e2dfee98eaf