STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX SSH server must use SSH Protocol 2.

DISA Rule

SV-215289r508663_rule

Vulnerability Number

V-215289

Group Title

SRG-OS-000033-GPOS-00014

Rule Version

AIX7-00-002104

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Add or edit the following line in the "/etc/ssh/sshd_config" file to support "Protocol 2" only:
Protocol 2

Save the change to /etc/ssh/sshd_config

Restart ssh daemon:
# stopsrc -s sshd
# startsrc -s sshd

Check Contents

From the command prompt, run the following command:
# grep ^Protocol /etc/ssh/sshd_config

The above command should yield the following output:
Protocol 2

If the above command does not show the ssh server supporting "Protocol 2" only, this is a finding.

Vulnerability Number

V-215289

Documentable

False

Rule Version

AIX7-00-002104

Severity Override Guidance

From the command prompt, run the following command:
# grep ^Protocol /etc/ssh/sshd_config

The above command should yield the following output:
Protocol 2

If the above command does not show the ssh server supporting "Protocol 2" only, this is a finding.

Check Content Reference

M

Target Key

4012

Comments