ESXI-06-000021 – The SSH daemon must not allow compression or must only allow compression after successful authentication.

Details

If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.

Solution

To set the Compression setting, add or correct the following line in ‘/etc/ssh/sshd_config’:

Compression no

Supportive Information

The following resource is also helpful.

http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
CSCv6|3.1
Group-ID|V-63211
Rule-ID|SV-77701r1_rule
STIG-ID|ESXI-06-000021
Vuln-ID|V-63211

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles