SV-204600r603261_rule
V-204600
SRG-OS-000480-GPOS-00227
RHEL-07-040450
CAT II
10
Uncomment the "StrictModes" keyword in "/etc/ssh/sshd_config" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor) and set the value to "yes":
StrictModes yes
The SSH service must be restarted for changes to take effect.
Verify the SSH daemon performs strict mode checking of home directory configuration files.
The location of the "sshd_config" file may vary if a different daemon is in use.
Inspect the "sshd_config" file with the following command:
# grep -i strictmodes /etc/ssh/sshd_config
StrictModes yes
If "StrictModes" is set to "no", is missing, or the returned line is commented out, this is a finding.
V-204600
False
RHEL-07-040450
Verify the SSH daemon performs strict mode checking of home directory configuration files.
The location of the "sshd_config" file may vary if a different daemon is in use.
Inspect the "sshd_config" file with the following command:
# grep -i strictmodes /etc/ssh/sshd_config
StrictModes yes
If "StrictModes" is set to "no", is missing, or the returned line is commented out, this is a finding.
M
2899