
The Red Hat Enterprise Linux operating system must be configured so that the SSH private host key files have mode 0640 or less permissive.

An XCCDF Rule

Description

If an unauthorized user obtains the private SSH host key file, the host could be impersonated.

ID
SV-204597r880743_rule
Severity
Medium



Remediation - Manual Procedure

Configure the mode of SSH private host key files under "/etc/ssh" to "0640" with the following command:

# chmod 0640 /path/to/file/ssh_host*key
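
A check to run before and after the chmod, as an added example that is not part of the STIG content: it lists private host keys whose mode sets any bit outside 0640. It assumes GNU find and stat (as shipped on RHEL) and defaults to "/etc/ssh"; the function names are hypothetical.

```bash
#!/bin/sh
# Added example: audit SSH private host key modes against the 0640 ceiling.
# Bits that 0640 does NOT allow: owner execute (0100), group write/execute
# (0030), every "other" bit (0007) and setuid/setgid/sticky (7000).
# Combined mask: 7137. A key is compliant only if none of these bits is set.

# Print the private host keys in a directory that are more permissive than 0640.
# $1: directory to inspect (assumption: defaults to /etc/ssh, as in the rule).
find_loose_host_keys() {
    dir="${1:-/etc/ssh}"
    # -perm /MASK (GNU find) matches when ANY bit of MASK is set.
    # The pattern ssh_host*key does not match the .pub public halves.
    find "$dir" -maxdepth 1 -type f -name 'ssh_host*key' -perm /7137 -print | sort
}

# Report each offending key with its current octal mode.
# Returns 0 when every key is 0640 or stricter, 1 otherwise.
audit_host_keys() {
    offenders="$(find_loose_host_keys "${1:-/etc/ssh}")"
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf '%s\n' "$offenders" | while IFS= read -r f; do
        printf 'FAIL mode=%s %s\n' "$(stat -c '%a' "$f")" "$f"
    done
    return 1
}
```

Stricter modes such as 0600 or 0400 pass, because the rule sets a ceiling rather than an exact value.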