GEN005500 - The SSH daemon must be configured to only use the SSHv2 protocol.

Information

SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. Exploits of the SSH daemon could provide immediate root access to the system.

Solution

Edit the configuration file and modify the Protocol line.

Protocol 2

Restart sshd:

/sbin/init.d/secsh stop
/sbin/init.d/secsh start

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(8), CAT|I, CCI|CCI-001436, Group-ID|V-4295, Rule-ID|SV-40862r2_rule, STIG-ID|GEN005500, Vuln-ID|V-4295

Plugin: Unix

Control ID: f7f31dba60f66201c1372f4bccf56fd96a5600db712644ecfcc8535498e30127