STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:SV-204599r603261_rule
V-204599
SRG-OS-000364-GPOS-00151
RHEL-07-040440
CAT II
10
Uncomment the "KerberosAuthentication" keyword in "/etc/ssh/sshd_config" (this file may be named differently or be in a different location if using a version of SSH that is provided by a third-party vendor) and set the value to "no":
KerberosAuthentication no
The SSH service must be restarted for changes to take effect.
If Kerberos authentication is required, it must be documented, to include the location of the configuration file, with the ISSO.
Verify the SSH daemon does not permit Kerberos to authenticate passwords unless approved.
Check that the SSH daemon does not permit Kerberos to authenticate passwords with the following command:
# grep -i kerberosauth /etc/ssh/sshd_config
KerberosAuthentication no
If the "KerberosAuthentication" keyword is missing, or is set to "yes" and is not documented with the Information System Security Officer (ISSO), or the returned line is commented out, this is a finding.
V-204599
False
RHEL-07-040440
Verify the SSH daemon does not permit Kerberos to authenticate passwords unless approved.
Check that the SSH daemon does not permit Kerberos to authenticate passwords with the following command:
# grep -i kerberosauth /etc/ssh/sshd_config
KerberosAuthentication no
If the "KerberosAuthentication" keyword is missing, or is set to "yes" and is not documented with the Information System Security Officer (ISSO), or the returned line is commented out, this is a finding.
M
2899