Ensure permissions set on ssh private key filesID: oval:org.secpod.oval:def:68703 | Date: (C)2021-01-31 (M)2023-12-20 |
Class: COMPLIANCE | Family: unix |
An SSH private key is one of two files used in SSH public key authentication. In this authentication method, The possession of the private key is proof of identity. Only a private key that corresponds to a public key will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed.
Rationale:
If an unauthorized user obtains the private SSH host key file, the host could be impersonated