STIGQter: STIG Summary: Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Ubuntu operating system must enforce SSHv2 for network access to all accounts.

DISA Rule

SV-219308r610963_rule

Vulnerability Number

V-219308

Group Title

SRG-OS-000112-GPOS-00057

Rule Version

UBTU-18-010412

Severity

CAT I

CCI(s)

• CCI-001941 - The information system implements replay-resistant authentication mechanisms for network access to privileged accounts.
• CCI-001942 - The information system implements replay-resistant authentication mechanisms for network access to non-privileged accounts.

Weight

10

Fix Recommendation

Configure the Ubuntu operating system to enforce SSHv2 for network access to all accounts.

Add or update the following line in the "/etc/ssh/sshd_config" file:

Protocol 2

Restart the ssh service.

# systemctl restart sshd.service

Check Contents

Verify that the Ubuntu operating system enforces SSH protocol 2 for network access.

Check the protocol versions that SSH allows with the following command:

# grep Protocol /etc/ssh/sshd_config

Protocol 2

If the returned line allows for use of protocol "1", is commented out, or the line is missing, this is a finding.

Vulnerability Number

V-219308

Documentable

False

Rule Version

UBTU-18-010412

Severity Override Guidance

Verify that the Ubuntu operating system enforces SSH protocol 2 for network access.

Check the protocol versions that SSH allows with the following command:

# grep Protocol /etc/ssh/sshd_config

Protocol 2

If the returned line allows for use of protocol "1", is commented out, or the line is missing, this is a finding.

Check Content Reference

M

Target Key

4055

Comments