AIX must setup SSH daemon to disable revoked public keys.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215293 | SRG-OS-000384-GPOS-00167 | AIX7-00-002110 | SV-215293r1009549_rule | 2026-02-06 | 3 |
Description
Without configuring a local cache of revocation data, there is the potential to allow access to users who are no longer authorized (users with revoked certificates).
ℹ️ Check
If public keys are not used for SSH authentication, this is Not Applicable.
Run the following command:
# grep "^RevokedKeys" /etc/ssh/sshd_config
RevokedKeys /etc/ssh/RevokedKeys.txt
If the command does not find the "RevokedKeys" setting, or the value for "RevokedKeys" is set to "none", this is a finding.
✔️ Fix
Obtain the file that contains all the public keys that need to be revoked from ISSO/SA and save the file in /etc/ssh/ directory.
Edit the "/etc/ssh/sshd_config" file to allow "RevokedKeys" to point to the revoked key file obtained above.
Restart the SSH daemon:
# stopsrc -s sshd
# startsrc -s sshd