8.2 Enable a Warning Banner for the SSH Service - Banner = /etc/issue

Information

The contents of the Banner string in the /etc/ssh/sshd_config file are sent to the remote user before authentication is allowed, requiring that the user read the legal caution.

Solution

Perform the following to implement the recommended state:
# awk '/^#Banner/ { $1 = "Banner" } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS # mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config # svcadm restart svc:/network/ssh

See Also

https://workbench.cisecurity.org/files/611

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a.

Plugin: Unix

Control ID: 7dd9851eb3cf8339df32f33323700b812a00475b15e7276539fea6a1a5da3538