
The SSH daemon must be configured to use only the SSHv2 protocol.


Finding ID: V-217994
Version: RHEL-06-000227
Rule ID: SV-217994r505923_rule
IA Controls:
Severity: High

SSH protocol version 1 suffers from design flaws that result in security vulnerabilities and should not be used.

Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text (C-19475r376997_chk)
To check which SSH protocol version is allowed, run the following command:

# grep Protocol /etc/ssh/sshd_config

If configured properly, the output should be:

Protocol 2

If it is not, this is a finding.

Fix Text (F-19473r376998_fix)
Only SSH protocol version 2 connections should be permitted. The default setting in "/etc/ssh/sshd_config" is correct, and can be verified by ensuring that the following line appears:

Protocol 2
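
The grep in the check text also prints commented-out lines and does not show which directive takes effect when several are present. The following is an added example, not part of the STIG; `effective_protocol` and `check_protocol` are hypothetical helper names. It evaluates only the first active Protocol directive, assuming sshd's first-value-wins handling of repeated keywords, and treats anything other than exactly `2` as a finding:

```shell
#!/bin/sh
# Added example: evaluate the effective Protocol directive in an sshd_config
# file. Helper names are hypothetical and not part of the STIG.

# Print the value of the first active (uncommented) Protocol directive.
# Keywords are case-insensitive; the first value read for a keyword is used
# (assumption stated in the lead-in).
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        tolower($1) == "protocol" {            # keyword match, any case
            $1 = ""; gsub(/[ \t]/, "")         # keep only the argument
            print; exit                        # first occurrence wins
        }
    ' "$1"
}

# Return 0 only when the effective value is exactly "2".
# A missing directive is reported as a finding, matching the check text,
# which expects "Protocol 2" in the output.
check_protocol() {
    value=$(effective_protocol "$1")
    case "$value" in
        2)  echo "pass: Protocol 2"; return 0 ;;
        "") echo "finding: no active Protocol directive"; return 1 ;;
        *)  echo "finding: Protocol $value"; return 1 ;;
    esac
}

# Constructed sample: a plain grep shows two lines reading "Protocol 2",
# but the active directive that sshd reads first still permits protocol 1.
sample=$(mktemp)
printf '%s\n' '#Protocol 2' 'protocol 2,1' 'Protocol 2' > "$sample"
check_protocol "$sample" || true
rm -f "$sample"
```

To evaluate a live system, call `check_protocol /etc/ssh/sshd_config` as a user who can read the file.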