The scan fails because permissions should be 0640 for the private key. If
they are not set to 0640, this prevents sshd from generating keys.
On Thu, Sep 20, 2018 at 8:40 AM, Dushyant Uge <duge(a)redhat.com> wrote:
Hello Team,
One of our customers raised a concern that --
The rules going wrong are:
xccdf_org.ssgproject.content_rule_file_permissions_sshd_private_key
xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key
On the customer's system, the correct permissions seen --
Red Hat Enterprise Linux Server release 7.5 (Maipo)
openssh-server-7.4p1-16.el7.x86_64
openscap-1.2.16-6.el7.x86_64
- 640 for public key files (*.pub)
- 600 for private key files (*_key)
Output of ls -l /etc/ssh
-rw-r--r--. 1 root root 581843 Nov 24 2017 moduli
-rw-r--r--. 1 root root 2276 Nov 24 2017 ssh_config
-rw-------. 1 root root 4026 Sep 4 14:20 sshd_config
-rw-------. 1 root ssh_keys 241 Sep 4 14:20 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Sep 4 14:20 ssh_host_ecdsa_key.pub
-rw-------. 1 root ssh_keys 1704 Sep 4 14:20 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Sep 4 14:20 ssh_host_rsa_key.pub
-rw-r--r--. 1 root root 2548 Sep 4 14:20 ssh_known_hosts
Please find attached screenshot and suggest.
Warm Regards,
Dushyant Uge
Red Hat Global Support
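Added example, not part of the original thread and not the project's own check: a shell function that reads the octal mode of each host key file with GNU stat and reports any file carrying permission bits beyond an allowed mode. The function name, the allowed modes passed as arguments, and the mask-style comparison are assumptions of this example, not a statement of how the SSG rules are evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU stat (coreutils), as on RHEL.
# check_key_modes DIR PRIV_MAX PUB_MAX   (hypothetical helper name)
#   PRIV_MAX / PUB_MAX: octal modes chosen by the caller, e.g. 640 as named
#   in the reply. A file fails when it has any permission bit set that the
#   allowed mode does not include.
check_key_modes() {
    dir=$1; priv_max=$2; pub_max=$3
    rc=0
    for f in "$dir"/*_key "$dir"/*.pub; do
        [ -f "$f" ] || continue          # unmatched glob stays literal; skip it
        case $f in
            *.pub) max=$pub_max ;;
            *)     max=$priv_max ;;
        esac
        mode=$(stat -c '%a' "$f")
        owner=$(stat -c '%U:%G' "$f")
        # Bits present in the file mode but absent from the allowed mode.
        extra=$(( 0$mode & ~0$max ))
        if [ "$extra" -eq 0 ]; then
            verdict=PASS
        else
            verdict=FAIL
            rc=1
        fi
        printf '%s %s %s %s (allowed %s)\n' "$verdict" "$mode" "$owner" "$f" "$max"
    done
    return "$rc"
}

# Run only when called with the three arguments, e.g.:
#   sh check_key_modes.sh /etc/ssh 640 644
if [ "$#" -eq 3 ]; then
    check_key_modes "$@"
fi
```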