Verify the SSH Private Key Files Have a Passcode

Description

When creating SSH key pairs, always use a passcode.
You can create such keys with the following command:

$ sudo ssh-keygen -n [passphrase]

Red Hat Enterprise Linux 8, for certificate-based authentication, must enforce authorized access to the corresponding private key.

Rationale

If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.

ID: xccdf_org.ssgproject.content_rule_ssh_keys_passphrase_protected
Severity: Medium
References: SRG-OS-000067-GPOS-00035

RHEL-08-010100

SV-230230r627750_rule

CCE-90781-6
Updated: about 1 year ago