5.2.2 Ensure permissions on SSH private host key files are configured

Information

An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed.

Rationale:

If an unauthorized user obtains the private SSH host key file, the host could be impersonated

Solution

Run the following commands to set ownership and permissions on the private SSH host key files

# find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec chown root:root {} ;

# find /etc/ssh -xdev -type f -name 'ssh_host_*_key' -exec chmod 0600 {} ;

See Also

https://workbench.cisecurity.org/files/2619

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|3.1, CSCv7|5.1

Plugin: Unix

Control ID: 40be84053064f2fa52a2b9a5570a34a77a9d843e16439ba0532ae386d9551d59