STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 23 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows Server 2025 Security Technical Implementation Guide

V-285314

CAT II (Medium)

Windows Server 2025 OpenSSH must display the Standard Mandatory DOD Notice and Consent Banner before granting remote access to the system via an OpenSSH logon.

Rule ID

SV-285314r1211170_rule

STIG

Microsoft Windows Server 2025 Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000048CCI-001384CCI-001385CCI-001386CCI-001387CCI-001388

Discussion

The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious must ensure usage of a banner that does not provide easy attribution. Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00089

Check Content

If OpenSSH is not installed on the system, this requirement is not applicable.

Verify any SSH connection to the system displays the Standard Mandatory DOD Notice and Consent Banner before granting access to the system.

Check for the location of the banner file being used with the following command:

C:\ > Get-Content "$env:ProgramData\ssh\sshd_config" | Select-String -Pattern '^\s*Banner'

Banner C:\ProgramData\ssh\Banner.txt

If "Banner" is set to "none", the line is commented out, or the line is missing, this is a finding.

Fix Text

To configure the system, add or modify the following line in the "$env:ProgramData/ssh/sshd_config" file.

An example configuration line is:

Banner C:\ProgramData\ssh\Banner.txt

Restart the OpenSSH service for the settings to take effect.