Skip to content

Verify the SSH Private Key Files Have a Passcode

An XCCDF Rule

Description

When creating SSH key pairs, always use a passcode.
You can create such keys with the following command:

$ sudo ssh-keygen -n [passphrase]
Oracle Linux 9, for certificate-based authentication, must enforce authorized access to the corresponding private key.

Rationale

If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.

ID
xccdf_org.ssgproject.content_rule_ssh_keys_passphrase_protected
Severity
Medium
References
Updated