STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 23 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Microsoft Windows Server 2025 Security Technical Implementation Guide

V-285320

CAT II (Medium)

The Windows Server 2025 OpenSSH configuration file must conform to minimum requirements.

Rule ID

SV-285320r1212175_rule

STIG

Microsoft Windows Server 2025 Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366

Discussion

Service configuration files enable or disable features of their respective services, which if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files must be owned by the correct group to prevent unauthorized changes.

Check Content

If OpenSSH is not installed on the system, this requirement is not applicable.

Verify the permissions of the "$env:ProgramData/ssh/sshd_config" file with the following command:

C:\ > icacls $env:ProgramData/ssh/sshd_config

c:\ProgramData\ssh NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                           BUILTIN\Administrators:(OI)(CI)(F)
                                           NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files

If the "/etc/ssh/sshd_config" file does not have the default permission as in the example output, this is a finding.

Fix Text

Maintain the permissions of the "$env:ProgramData/ssh/sshd_config" file as follows:

NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)