5.2.19 Ensure SSH warning banner is configured

Information

The Banner parameter specifies a file whose contents must be sent to the remote user
before authentication is permitted. By default, no banner is displayed.

Rationale:

Banners are used to warn connecting users of the particular site's policy regarding
connection. Presenting a warning message prior to the normal user login may assist the
prosecution of trespassers on the computer system.

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows:

Banner /etc/issue.net

See Also

https://workbench.cisecurity.org/files/2420

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|5.1, CSCv7|5.1

Plugin: Unix

Control ID: be85d3dd466c7108b64e5fdf952291d53dd2bc0e1f85c82ccf3bf04c87ac1aa7