Catalina - Disable SSH Server for Remote Access Sessions

Information

SSH service _MUST_ be disabled for remote access.

Remote access sessions _MUST_ use FIPS validated encrypted methods to protect unauthorized individuals from gaining access.

Solution

[source,bash]
----
/bin/launchctl disable system/com.openssh.sshd
----

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-3, 800-53|AC-17, 800-53|CM-7, 800-53|CM-7(1), 800-53|IA-2(8), CCE|CCE-84920-8

Plugin: Unix

Control ID: 6708b3f800389866d184a661c117ea13b1ee6709ae4fa2b4fd45476211d45925