AIX must setup SSH daemon to disable revoked public keys.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215293 | AIX7-00-002110 | SV-215293r1009549_rule | CCI-004068 | medium |
Description
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
| STIG | Date |
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 |
Details
Check Text (C-215293r1009549_chk)
If public keys are not used for SSH authentication, this is Not Applicable.
Run the following command:
# grep "^RevokedKeys" /etc/ssh/sshd_config
RevokedKeys /etc/ssh/RevokedKeys.txt
If the command does not find the "RevokedKeys" setting, or the value for "RevokedKeys" is set to "none", this is a finding.
Fix Text (F-16489r294331_fix)
Obtain the file that contains all the public keys that need to be revoked from the ISSO/SA and save it in the /etc/ssh/ directory.
Edit the "/etc/ssh/sshd_config" file so that "RevokedKeys" points to the revoked key file obtained above.
Restart the SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd
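The grep in the check text is case-sensitive and anchored at column one, while sshd treats keywords case-insensitively and uses the first value it reads. The sh function below is an added example, not part of the STIG: it applies the same finding criteria with those parsing rules, and goes one step further by confirming that the listed file is readable, because sshd refuses public key authentication for all users when it is not. The function name `check_revoked_keys` and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not STIG text): stricter form of the RevokedKeys check.
# Return codes are this example's own convention:
#   0 = compliant, 1 = finding (unset or "none"), 2 = set but file unreadable
check_revoked_keys() {
    conf="${1:-/etc/ssh/sshd_config}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    # Keywords are case-insensitive and the first occurrence wins.
    # Parsing stops at the first Match block so only the global value counts.
    value=$(awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # tolerate leading whitespace
            n = match(line, /[ \t=]/)            # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            if (key == "match") exit
            if (key == "revokedkeys") {
                val = substr(line, n)
                sub(/^[ \t=]+/, "", val)
                sub(/[ \t]+$/, "", val)
                gsub(/"/, "", val)               # drop optional quoting
                print val
                exit
            }
        }' "$conf")

    case "$value" in
        "")
            echo "FINDING: RevokedKeys is not set in $conf"; return 1 ;;
        [Nn][Oo][Nn][Ee])
            echo "FINDING: RevokedKeys is set to \"none\" in $conf"; return 1 ;;
    esac
    if [ ! -r "$value" ]; then
        echo "WARNING: RevokedKeys file $value is not readable"; return 2
    fi
    echo "OK: RevokedKeys $value"
    return 0
}

# Run against a file when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_revoked_keys "$1"; fi
```

Called with no argument, the function reads /etc/ssh/sshd_config; run it again after the daemon restart to confirm the fix.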