PHTN-67-000055 - The Photon operating system must configure sshd with a specific ListenAddress.
Information
Without specifying a ListenAddress, sshd will listen on all interfaces. In situations with multiple interfaces, this may not be intended behavior and could lead to offering remote access on an unapproved network.Solution
Open /etc/ssh/sshd_config with a text editor.Ensure that the 'ListenAddress' line is uncommented and set to a valid local IP:
Example:
ListenAddress 169.254.1.2
Replace '169.254.1.2' with the management address of the VCSA.
At the command line, execute the following command:
# service sshd reload
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 Photon OS v1r3
Category: ACCESS CONTROL
References: 800-53|AC-17(1), CAT|II, CCI|CCI-002314, Rule-ID|SV-239126r675186_rule, STIG-ID|PHTN-67-000055, Vuln-ID|V-239126
Plugin: Unix
Control ID: ab2a6a92d022e8c3b0675a64e16a50790706d8325e3d9ea3cc1606364c500129