Enable the OpenSSH Service
An XCCDF Rule
Description
The SSH server service, sshd, is commonly needed. The sshd service can be
enabled with the following command:
$ sudo systemctl enable sshd.service
Rationale
Without protection of the transmitted information, confidentiality and
integrity may be compromised because unprotected communications can be
intercepted and either read or altered.
This checklist item applies to both internal and external networks and all types
of information system components from which information can be transmitted (e.g., servers,
mobile devices, notebook computers, printers, copiers, scanners, etc.). Communication paths
outside the physical protection of a controlled boundary are exposed to the possibility
of interception and modification.
- ID: xccdf_org.ssgproject.content_rule_service_sshd_enabled
- Severity: Medium
Remediation - script:kickstart
service enable sshd
Remediation - Ansible
- name: Enable the OpenSSH Service - Enable service sshd
  block:
  - name: Gather the package facts
    package_facts:
      manager: auto
Remediation - Puppet
include enable_sshd

class enable_sshd {
  # Enable sshd at boot and make sure it is running now
  service {'sshd':
    enable => true,
    ensure => 'running',
  }
}
Remediation - OS Build Blueprint
[customizations.services]
enabled = ["sshd"]
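To verify the outcome of any remediation on this page, the following added example (not part of the SSG content) evaluates `systemctl show` properties for the three states the rule depends on: not masked, enabled at boot, and running. The function names and sample inputs are constructed for illustration; the unit name sshd.service is taken from this page.

```shell
#!/bin/sh
# Added example, not SSG project code. Evaluates `systemctl show` properties
# against this rule: unit not masked, enabled at boot, and currently running.

# Reads KEY=VALUE lines on stdin, prints a verdict, returns 0 only on PASS.
check_service_state() {
    load="" unit_file="" active=""
    while IFS='=' read -r key value; do
        case "$key" in
            LoadState)     load=$value ;;
            UnitFileState) unit_file=$value ;;
            ActiveState)   active=$value ;;
        esac
    done
    # A masked unit cannot be started or enabled, so report it first.
    if [ "$load" = "masked" ] || [ "$unit_file" = "masked" ]; then
        echo "FAIL: masked"; return 1
    fi
    if [ "$unit_file" != "enabled" ]; then
        echo "FAIL: not enabled (UnitFileState=${unit_file:-missing})"; return 1
    fi
    if [ "$active" != "active" ]; then
        echo "FAIL: not running (ActiveState=${active:-missing})"; return 1
    fi
    echo "PASS"
}

# Live use on a systemd host (assumes the unit is named sshd.service, as on this page).
check_sshd_live() {
    systemctl show -p LoadState -p UnitFileState -p ActiveState sshd.service |
        check_service_state
}

# Constructed sample inputs so the example runs offline.
sample_compliant() { printf 'LoadState=loaded\nUnitFileState=enabled\nActiveState=active\n'; }
sample_masked()    { printf 'LoadState=masked\nUnitFileState=masked\nActiveState=inactive\n'; }
sample_stopped()   { printf 'LoadState=loaded\nUnitFileState=enabled\nActiveState=inactive\n'; }
sample_disabled()  { printf 'LoadState=loaded\nUnitFileState=disabled\nActiveState=active\n'; }

for s in sample_compliant sample_masked sample_stopped sample_disabled; do
    printf '%s: ' "$s"
    "$s" | check_service_state || true
done
```

On a real host, call `check_sshd_live` and use its exit status in a compliance job.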
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then
    SYSTEMCTL_EXEC='/usr/bin/systemctl'
    # Unmask first: a masked unit can be neither started nor enabled
    "$SYSTEMCTL_EXEC" unmask 'sshd.service'
    "$SYSTEMCTL_EXEC" start 'sshd.service'
    "$SYSTEMCTL_EXEC" enable 'sshd.service'
fi