STIGhub (© 2026 Beacon Cloud Solutions, Inc.)

V-235803

CAT II (Medium)

SSH must not run within Linux containers for Docker Enterprise.

Rule ID

SV-235803r960963_rule

STIG

Docker Enterprise 2.x Linux/UNIX Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000381

Discussion

An SSH server should not be running within a container. Use Universal Control Plane (UCP) to console in to running containers instead. Running SSH within the container increases the complexity of security management by making it:

- Difficult to manage access policies and security compliance for the SSH server
- Difficult to manage keys and passwords across the various containers
- Difficult to manage security upgrades for the SSH server

Shell access to a container is possible without SSH (via UCP, or docker exec from the host), so needlessly increasing the complexity of security management in this way should be avoided. By default, no SSH server runs inside a container, and the expected pattern is one process (one service) per container, which leaves no place for a second daemon such as sshd.

Check Content

This check only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster.

Verify that no running containers have a process for SSH server.

via CLI:

for i in $(docker ps -qa); do echo "$i"; docker exec "$i" ps -el | grep -i sshd; done

Container not running errors are not a finding. An error that ps cannot be found inside the container means the image ships without a ps binary; such a container is not cleared by this command and must be inspected another way (for example with docker top CONTAINER, which reads the container's process table from the host).

If running containers have a process for SSH server, this is a finding.
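A scripted form of this check, added here as an example and not part of the STIG or of Docker Enterprise, that can be run on every node of the cluster. It differs from the one-liner above in three deliberate ways: it iterates only running containers (docker ps -q), so there are no "container not running" errors to sift; it uses docker top rather than docker exec ... ps, so an image that ships without a ps binary is still inspected instead of failing silently; and it matches the executable name (sshd or dropbear) rather than any case-insensitive substring, so a process such as not-sshd-proxy is not a false positive. Assumed: the default ps -ef column layout of docker top on a Linux host (UID PID PPID C STIME TTY TIME CMD), and a user permitted to use the Docker socket. The two sample listings embedded in the script are constructed to look like docker top output; they were not captured from a real node.

```sh
#!/bin/sh
# Added example (not STIG or Docker Enterprise code): audit every running
# container on this node for an SSH server process.
# Assumed: `docker top` prints the default `ps -ef` layout
# (UID PID PPID C STIME TTY TIME CMD) and this user may use the Docker socket.

# listing_has_sshd: read a ps -ef style listing on stdin; exit 0 if any
# process's executable is sshd or dropbear, else exit 1. A session process
# appears as "sshd: user@pts/0", so a trailing colon on the name is stripped.
listing_has_sshd() {
    awk '
        NR > 1 && NF >= 8 {
            n = split($8, path, "/")   # CMD starts at field 8; take its basename
            name = path[n]
            sub(/:$/, "", name)
            if (name == "sshd" || name == "dropbear") { found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# audit_node: inspect each running container from the host side with
# `docker top`; print one line per finding and succeed only when there are none.
audit_node() {
    findings=0
    checked=0
    for cid in $(docker ps -q); do
        checked=$((checked + 1))
        if docker top "$cid" | listing_has_sshd; then
            name=$(docker inspect -f '{{.Name}}' "$cid")
            echo "FINDING: container $cid ($name) is running an SSH server"
            findings=$((findings + 1))
        fi
    done
    echo "checked containers: $checked, findings: $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample listings shaped like default `docker top` output; they are
# not captured from a real host and exist only to show what the matcher does.
SAMPLE_WITH_SSHD='UID  PID   PPID  C  STIME  TTY  TIME      CMD
root 4242  4211  0  10:02  ?    00:00:00  /usr/sbin/sshd -D
root 4301  4242  0  10:05  ?    00:00:00  sshd: root@pts/0'

SAMPLE_CLEAN='UID   PID   PPID  C  STIME  TTY  TIME      CMD
root  5101  5080  0  10:02  ?    00:00:00  nginx: master process nginx -g daemon off;
nginx 5150  5101  0  10:02  ?    00:00:00  nginx: worker process
root  5160  5080  0  10:02  ?    00:00:00  /app/not-sshd-proxy --listen 2222'

# With no arguments the script only demonstrates the matcher on the samples;
# `sh audit-sshd.sh --run` performs the live audit of this node.
case "${1:-}" in
    --run)
        audit_node
        ;;
    *)
        printf '%s\n' "$SAMPLE_WITH_SSHD" | listing_has_sshd && echo "sample 1: sshd present (finding)"
        printf '%s\n' "$SAMPLE_CLEAN" | listing_has_sshd || echo "sample 2: no sshd (not a finding)"
        ;;
esac
```

Run it with --run on each Linux node of the cluster (the check is per node, since docker ps only sees the local engine); a non-zero exit from audit_node means at least one running container carries an SSH server and is a finding. Because docker top reads the host's process table, the check also catches an sshd started by hand inside a container whose image never shipped one.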

Fix Text

This fix only applies to the use of Docker Engine - Enterprise on a Linux host operating system and should be executed on all nodes in a Docker Enterprise cluster.

Remove SSH server packages (for example openssh-server on Debian- and RHEL-based images) from all Docker base images in use in the user's environment, then rebuild and redeploy the images built from them so that no running container carries an SSH server.