If AIX SSH daemon is required, the SSH daemon must only listen on the approved listening IP addresses.

Severity: medium
Group ID: V-215306
Group Title: SRG-OS-000480-GPOS-00232
Version: AIX7-00-002124
Rule ID: SV-215306r991593_rule
Date: 2026-02-06
STIG Version: 3

Description

The SSH daemon should only listen on the approved listening IP addresses. Otherwise the SSH service could be subject to unauthorized access.

ℹ️ Check

From the command prompt, run the following command to check if "ListenAddress" is defined in SSH config file:

# grep -i ListenAddress /etc/ssh/sshd_config | grep -v '^#'
ListenAddress 10.17.76.74

If no configuration is returned, or if a returned listen configuration contains addresses not permitted, this is a finding.
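An added example, not part of the STIG text: a POSIX shell function that automates the check above by comparing every active ListenAddress entry with an approved list passed as arguments, and treats a config with no active entry as a finding. The function name, the sample file and its contents are constructed for illustration; a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit active ListenAddress entries.
# Usage: check_listen_addresses <sshd_config> <approved-addr> [...]
# Exit status 0 = compliant, 1 = finding; one line is printed per finding.
check_listen_addresses() {
    cfg=$1; shift
    awk -v approved="$*" '
        BEGIN {
            n = split(tolower(approved), list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # OpenSSH also accepts "Keyword=value"; normalise it to "Keyword value".
        tolower($0) ~ /^[ \t]*listenaddress[ \t]*=/ { sub(/=/, " ") }
        # Skip blanks and comments, including indented ones the grep pipeline keeps.
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "listenaddress" {
            seen = 1
            a = tolower($2)
            if (a ~ /^\[/) {                    # [addr]:port or [addr]
                sub(/^\[/, "", a); sub(/\](:[0-9]+)?$/, "", a)
            } else if (a ~ /^[^:]+:[0-9]+$/) {  # IPv4:port or host:port
                sub(/:[0-9]+$/, "", a)
            }
            if (!(a in ok)) {
                printf "FINDING: line %d: ListenAddress %s is not approved\n", NR, a
                bad = 1
            }
        }
        END {
            if (!seen) { print "FINDING: no active ListenAddress line"; bad = 1 }
            exit bad + 0
        }' "$cfg"
}

# Constructed sample config for demonstration only.
sample=${TMPDIR:-/tmp}/sshd_config.sample.$$
cat > "$sample" <<'EOF'
#ListenAddress 0.0.0.0
    # ListenAddress ::
ListenAddress 10.17.76.74:22
listenaddress [::]:22
EOF
check_listen_addresses "$sample" 10.17.76.74 || echo "result: finding"
rm -f "$sample"
```

The function reads only the file it is given and does not follow Include directives, so any included files need to be checked separately.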

✔️ Fix

Edit the SSH daemon config file and add/modify the "ListenAddress" network addresses:

# vi /etc/ssh/sshd_config

Restart SSH daemon:

# stopsrc -s sshd
# startsrc -s sshd