The macOS system must enable SSH server for remote access sessions.

STIG ID: APPL-14-000080  |  SRG: SRG-OS-000080-GPOS-00048 | Severity: medium |  CCI: CCI-000213,CCI-001942,CCI-002420,CCI-002422

Vulnerability Discussion

Remote access sessions must use encrypted methods to protect unauthorized
individuals from gaining access.

Satisfies:
SRG-OS-000080-GPOS-00048,SRG-OS-000113-GPOS-00058,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190

Check

Verify the macOS system is configured to enable SSH server for remote access sessions
with the following command:

/bin/launchctl print-disabled system | /usr/bin/grep -c '"com.openssh.sshd" => enabled'

If the result is not "1", this is a finding.

Fix

Configure the macOS system to enable SSH server for remote access
sessions with the following command:

/bin/launchctl enable system/com.openssh.sshd
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.