OpenSSH Service Must Use Passcode for Their Private Keys
An XCCDF Rule
Description
Verify the SSH private key files have a passcode. For each private key stored on the system, use the following command:
$ sudo ssh-keygen -y -f /path/to/fileIf the contents of the key are displayed, without asking a passphrase this is a finding.
Rationale
If an unauthorized user obtains access to a private key without a passcode, that user would have unauthorized access to any system where the associated public key has been installed.
- ID
- xccdf_org.ssgproject.content_rule_ssh_private_keys_have_passcode
- Severity
- Medium
- Updated