AIX must setup SSH daemon to disable revoked public keys.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215293 | SRG-OS-000384-GPOS-00167 | AIX7-00-002110 | SV-215293r1009549_rule | 2024-08-16 | 3 |
| Description |
|---|
| Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates). |
| ℹ️ Check |
|---|
| If public keys are not used for SSH authentication, this is Not Applicable. Run the following command: # grep "^RevokedKeys" /etc/ssh/sshd_config RevokedKeys /etc/ssh/RevokedKeys.txt If the command does not find the "RevokedKeys" setting, or the value for "RevokedKeys" is set to "none", this is a finding. |
| ✔️ Fix |
|---|
| Obtain the file that contains all the public keys that need to be revoked from ISSO/SA and save the file in /etc/ssh/ directory. Edit the "/etc/ssh/sshd_config" file to allow "RevokedKeys" to point to the revoked key file obtained above. Restart the SSH daemon: # stopsrc -s sshd # startsrc -s sshd |