← Rules Catalog
mediumaccess-controlverified rollback-safe

Set permissions on SSH public host keys

ssh-public-key-permissions · RHEL ≥ 8 · 1 impl

Description

SSH public host key files must have appropriate permissions to prevent unauthorized modification. The public keys under /etc/ssh/ are used by clients to verify the server's identity and must not be writable by unprivileged users.

Rationale

If an attacker can modify a server's SSH public host key files, they can replace them with keys whose corresponding private keys they control. Clients that trust the modified public key would then accept connections to an attacker-controlled server, enabling man-in-the-middle interception of credentials and session data.

Check → Remediate

Checkcommand
find /etc/ssh/ssh_host_*_key.pub -type f \( ! -perm 644 -o ! -user root -o ! -group root \) 2>/dev/null | head -1
expected_exit:
0
Remediatefile_permissions
path:
/etc/ssh/ssh_host_*_key.pub
owner:
root
group:
root
mode:
0644
glob:
ssh_host_*_key.pub

Framework references

CIS

rhel10 5.1.3rhel8 5.1.5rhel9 5.1.3

STIG

V-281253 / RHEL-10-700500V-230286 / RHEL-08-010480V-258001 / RHEL-09-255125

NIST 800-53

AC-6SC-28

Live verification

rhel10:checkrhel8:checkrhel9:check
#ssh#file-permissions#host-keys