5.1.3 Ensure permissions on SSH public host key files are configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

An SSH public key is one of two files used in SSH public key authentication. In this authentication method, a public key is a key that can be used for verifying digital signatures generated using a corresponding private key. Only a public key that corresponds to a private key will be able to authenticate successfully.

Rationale:

If a public host key file is modified by an unauthorized user, the SSH service may be compromised.

Solution

Run the following commands to set permissions and ownership on the SSH host public key files

# find /etc/ssh -xdev -type f -name 'ssh_host_*_key.pub' -exec chmod 0644 {} ;

#find /etc/ssh -xdev -type f -name 'ssh_host_*_key.pub' -exec chown root:root {} ;

See Also

https://workbench.cisecurity.org/files/3659