STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Nutanix Acropolis GPOS Security Technical Implementation Guide

V-279628

CAT II (Medium)

Nutanix OS must install and use SSH for remote access.

Rule ID

SV-279628r1192513_rule

STIG

Nutanix Acropolis GPOS Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-002420CCI-002422CCI-001941CCI-002420CCI-000197CCI-001941

Discussion

Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, for example, during aggregation, at protocol transformation points, and during packing/unpacking. These unauthorized disclosures or modifications compromise the confidentiality or integrity of the information. Ensuring the confidentiality of transmitted information requires the operating system to take measures in preparing information for transmission. This can be accomplished via access control and encryption. Satisfies: SRG-OS-000425-GPOS-00189, SRG-OS-000074-GPOS-00042, SRG-OS-000425-GPOS-00189, SRG-OS-000113-GPOS-00058, SRG-OS-000426-GPOS-00190, SRG-OS-000112-GPOS-00057

Check Content

Verify Nutanix OS has SSH loaded and active using the following command.

Note: The default Protocol version of the ssh daemon is 2, which provides the necessary mitigations to prevent replay attacks.

$ sudo systemctl status sshd
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Tue 2015-11-17 15:17:22 EST; 4 weeks 0 days ago
Main PID: 1348 (sshd)
CGroup: /system.slice/sshd.service
1053 /usr/sbin/sshd -D

If "sshd" does not show a status of "active" and "running", this is a finding.

If the "SSH server" package is not installed, this is a finding.

Fix Text

However, Nutanix AOS has the OpenSSH-Server package preinstalled as part of its base package set. If the package is not installed, some corruption has taken place and the CVM must be rebuilt.

Configure SSH to meet DOD standard, if already installed on the OS instance. 

1. For AOS, configure SSH, then restart the SSH for the changes to take effect using the following command.

$ sudo salt-call state.sls security/CVM/sshdCVM
$ sudo systemctl restart sshd

2. For Prism Central, configure SSH, then restart the SSH for the changes to take effect using the following command.

$ sudo salt-call state.sls security/PCVM/sshdPCVM
$ sudo systemctl restart sshd

3. For Files, configure SSH, then restart the SSH for the changes to take effect using the following command.

$ sudo salt-call state.sls security/AFS/sshdAFS
$ sudo systemctl restart sshd

4. For AHV configure SSH, then restart the SSH for the changes to take effect using the following command.

$ sudo salt-call state.sls security/KVM/sshdKVM
$ sudo systemctl restart sshd