Details
The recommendation is to edit the /etc/ssh/sshd_config file to ensure that privilege separation is enabled.
Enabling privilege separation helps to secure remote SSH access. Once a user is authenticated, the sshd daemon creates a child process that has the privileges of the authenticated user, and this process then handles incoming network traffic. The aim is to prevent privilege escalation through the initial root process.
Solution
Edit the /etc/ssh/sshd_config file to ensure that privilege separation is enabled:
vi /etc/ssh/sshd_config
Replace:
UsePrivilegeSeparation no
With:
UsePrivilegeSeparation yes
Restart the sshd daemon to pick up the configuration changes:
stopsrc -s sshd
startsrc -s sshd
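An audit check for this control, added here as an example and not part of the original benchmark text: it reports the effective UsePrivilegeSeparation value in an sshd_config file, taking the first occurrence because sshd uses the first value it obtains for a keyword and matches keywords case-insensitively. The function names privsep_value and check_privsep are hypothetical.

```shell
#!/bin/sh
# Added example: audit the UsePrivilegeSeparation setting in an sshd_config file.

# Print the effective value (lower-cased), or "unset" if the keyword
# never appears outside a comment.
privsep_value() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # strip leading whitespace
            sub(/[ \t]*=[ \t]*/, " ", line)    # accept the "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            if (tolower(f[1]) == "useprivilegeseparation") {
                v = (n >= 2) ? tolower(f[2]) : ""
                gsub(/"/, "", v)               # tolerate a quoted argument
                print v
                found = 1
                exit                           # first occurrence wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the file sets the value this control requires ("yes");
# 1 when it is set to anything else or not set, 2 when the file is unreadable.
check_privsep() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    value=$(privsep_value "$1")
    if [ "$value" = "yes" ]; then
        echo "PASS: UsePrivilegeSeparation yes in $1"
        return 0
    fi
    echo "FAIL: UsePrivilegeSeparation is '$value' in $1"
    return 1
}

# When a path is given on the command line, audit that file.
if [ "$#" -gt 0 ]; then
    check_privsep "$1"
fi
```

Run it with /etc/ssh/sshd_config as the argument before and after the change; a commented-out `#UsePrivilegeSeparation yes` line is reported as unset and fails the check.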
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.