AlmaLinux OS 9 SSH public host key files must have mode 0644 or less permissive.
An XCCDF Rule
Description
If a public host key file is modified by an unauthorized user, the SSH service may be compromised. Whilst public keys are publicly readable, they should not be writeable by nonowners.
- ID
- SV-269266r1050148_rule
- Version
- ALMA-09-021030
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Change the mode of public host key files under "/etc/ssh" to "0644" with the following command:
$ chmod 0644 /etc/ssh/*key.pub
Restart the SSH daemon for the changes to take effect:
$ systemctl restart sshd.service