CCE-99400-4
Platform: cpe:/o:debian:debian_linux:11.x, cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04 | Date: (C)2023-02-09 (M)2023-09-01
Description: The two options `ClientAliveInterval` and `ClientAliveCountMax` control the timeout of ssh sessions. When the `ClientAliveInterval` variable is set, ssh sessions that have no activity for the specified length of time are terminated. When the `ClientAliveCountMax` variable is set, `sshd` will send client alive messages at every `ClientAliveInterval` interval. When that number of consecutive client alive messages has been sent with no response from the client, the `ssh` session is terminated. For example, if the `ClientAliveInterval` is set to 900 seconds and the `ClientAliveCountMax` is set to 0, the client `ssh` session will be terminated after 1800 seconds of idle time.

Rationale: Having no timeout value associated with a connection could allow an unauthorized user access to another user's `ssh` session (e.g. the user walks away from their computer and doesn't lock the screen). Setting a timeout value at least reduces the risk of this happening. While the recommended setting is 1800 seconds (30 minutes), set this timeout value based on site policy. The recommended setting for `ClientAliveCountMax` is 0. In this case, the client session will be terminated after 30 minutes of idle time and no keepalive messages will be sent.

Audit: Run the following commands and verify `ClientAliveInterval` is 900 and `ClientAliveCountMax` is 3 or less:
# sshd -T | grep clientaliveinterval
ClientAliveInterval 1800
# sshd -T | grep clientalivecountmax
ClientAliveCountMax 0

Remediation: Edit the `/etc/ssh/sshd_config` file to set the parameters according to site policy:
ClientAliveInterval 1800
ClientAliveCountMax 0
Parameter:
[time in seconds]
Technical Mechanism:
Edit the /etc/ssh/sshd_config file to set the parameter as follows:
ClientAliveInterval 15
ClientAliveCountMax 3
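An added audit helper, not part of this CCE record: it parses `sshd -T` style output (the effective running configuration, keywords in lowercase) and checks both keywords against thresholds passed as arguments, so the same check works for the 900/3 values in the audit text or a site-policy variant. The sample output and the function names are constructed for this example; the thresholds are read as upper bounds, which is an assumption.

```shell
#!/bin/sh
# Constructed sample of `sshd -T` output (only the lines relevant here).
SAMPLE_SSHD_T='port 22
clientaliveinterval 1800
clientalivecountmax 0
maxauthtries 4'

# Print the value of one keyword from sshd -T style output.
# $1 = sshd -T output, $2 = keyword (matched case-insensitively)
sshd_t_value() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == k { print $2; exit }'
}

# Return 0 when 1 <= ClientAliveInterval <= $2 and 0 <= ClientAliveCountMax <= $3,
# 1 otherwise (including when either keyword is missing from the output).
# $1 = sshd -T output, $2 = maximum interval in seconds, $3 = maximum count
check_client_alive() {
    interval=$(sshd_t_value "$1" clientaliveinterval)
    countmax=$(sshd_t_value "$1" clientalivecountmax)
    [ -n "$interval" ] && [ -n "$countmax" ] || return 1
    [ "$interval" -ge 1 ] && [ "$interval" -le "$2" ] || return 1
    [ "$countmax" -ge 0 ] && [ "$countmax" -le "$3" ] || return 1
    return 0
}

# Audit the running host: sshd -T needs root and a parseable sshd_config.
# Returns 2 when sshd -T itself fails, otherwise the result of the check.
# $1 = maximum interval in seconds, $2 = maximum count
audit_live_host() {
    out=$(sshd -T 2>/dev/null) || return 2
    check_client_alive "$out" "$1" "$2"
}
```

The sample output passes with a 1800-second bound (the remediation value) and fails with the 900-second bound from the audit text, which is the distinction a reviewer must settle with site policy.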
CCSS Severity:
CCSS Score: 6.8
Exploit Score: 0.9
Impact Score: 5.9
Severity: MEDIUM
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CCSS Metrics:
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:87264
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92299
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:85177