Applicable OS: Linux/SunOS/AIX/FreeBSD/HP-UX
Dependent Service Credential: SSH
Check Method:
step1: Log in to the system.
step2: Find certificate files in the specified directories '/opt' and '/export'. File type: 'cer|crt|der|pem'.
step3: Find key files. File type: '.key | _key'.
step4: Check each file to see whether it is an unencrypted private key.
Vulnerability Detail: A private key that is not encrypted is considered unsafe.
Vulnerability Source: ICSL Ticket/Red Line 2.0
The private key of the certificate is not encrypted and does not conform to safety regulations.
The private key of the certificate is not encrypted:
File: /etc/ssh/ssh_host_rsa_key
File: /etc/ssh/ssh_host_ecdsa_key
File: /etc/ssh/ssh_host_ed25519_key