STIGQter: STIG Summary: Red Hat Enterprise Linux 8 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 23 Apr 2021:

RHEL 8 must force a frequent session key renegotiation for SSH connections by the client.

DISA Rule

SV-230528r627750_rule

Vulnerability Number

V-230528

Group Title

SRG-OS-000033-GPOS-00014

Rule Version

RHEL-08-040162

Severity

CAT II

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Configure the system to force a frequent session key renegotiation for SSH connections by the client by add or modifying the following line in the "/etc/ssh/ssh_config" file:

RekeyLimit 1G 1h

Restart the SSH daemon for the settings to take effect.

$ sudo systemctl restart sshd.service

Check Contents

Verify the SSH client is configured to force frequent session key renegotiation with the following command:

$ sudo grep -i RekeyLimit /etc/ssh/ssh_config

RekeyLimit 1G 1h

If "RekeyLimit" does not have a maximum data amount and maximum time defined, is missing or commented out, this is a finding.

Vulnerability Number

V-230528

Documentable

False

Rule Version

RHEL-08-040162

Severity Override Guidance

Verify the SSH client is configured to force frequent session key renegotiation with the following command:

$ sudo grep -i RekeyLimit /etc/ssh/ssh_config

RekeyLimit 1G 1h

If "RekeyLimit" does not have a maximum data amount and maximum time defined, is missing or commented out, this is a finding.

Check Content Reference

M

Target Key

2921

Comments