The Photon operating system must configure sshd with a specific ListenAddress.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239126 | PHTN-67-000055 | SV-239126r675186_rule | Medium |
| Description |
|---|
| Without specifying a ListenAddress, sshd will listen on all interfaces. In situations with multiple interfaces, this may not be intended behavior and could lead to offering remote access on an unapproved network. |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-42337r675184_chk ) |
|---|
| At the command line, execute the following command: # sshd -T|&grep -i ListenAddress If the ListenAddress is not configured to the VCSA management IP, this is a finding. |
| Fix Text (F-42296r675185_fix) |
|---|
| Open /etc/ssh/sshd_config with a text editor. Ensure that the "ListenAddress" line is uncommented and set to a valid local IP: Example: ListenAddress 169.254.1.2 Replace "169.254.1.2" with the management address of the VCSA. At the command line, execute the following command: # service sshd reload |