After upgrading to 7.0.3 Build 19482537 and ins...

Hi Robbie.

Yes we have seen this and it is due to a newer version of OpenSSH in 7,0 U3d that now rejects options with no arguments such as "AcceptEnv" and as a result sshd exits immediately after starting. This setting is no longer part of our STIG content in 7.0 but was not removed yet at the time this VIB was created so it still contains it.

In this scenario I would advise on removing the STIG VIB since it is technically no longer needed since 7.0 U2 as all settings it would set are the default now or are configurable through other means such as in the UI/PowerCLI and no longer require manual configuration from the CLI.

Is there a way to tackle root login over SSH via PowerCLI? That's the only parameter for 7.0 U3 that isn't compliant out of the box, and it's a Cat I.

No there's not a PowerCLI way to audit or fix sshd settings at the moment. PermitRootLogin is a CAT III. If you are looking at the latest 7.0 STIG Readiness content we found an issue after posting that with the tool used to generate the content where CAT I's and CAT III's were swapped.

Oh well... in that case... :)
Also, is there an appropriate avenue to provide feedback to the 7.0 STIG Readiness content? We found a couple of things we wanted to report back for consideration.

Sure you can open an issue on github or email stigs@vmware.com.

Awesome. This was some good info. I wish I would have read the comments prior to applying this VIB 7.0_1 to my systems that were at a Dell-customized 7.0.0U3-A004.
Definitely kills ssh with kex_exchange_identification problems. Good thing I had a set of test hosts. ISSOs.. what do they know.
Thanks for the thread!

Thanks for doing such a valuable discussion. As I was also facing the same issue for the http://researchpaperwriter.org/ website. But after ready every message of this discussion. I fixed the issue easily. Will definitely search here for every issue.