SV-50413r1_rule
V-38612
SRG-OS-000106
RHEL-06-000236
CAT II
10
SSH's cryptographic host-based authentication is more secure than ".rhosts" authentication, since hosts are cryptographically authenticated. However, it is not recommended that hosts unilaterally trust one another, even within an organization.
To disable host-based authentication, add or correct the following line in "/etc/ssh/sshd_config":
HostbasedAuthentication no
To determine how the SSH daemon's "HostbasedAuthentication" option is set, run the following command:
# grep -i HostbasedAuthentication /etc/ssh/sshd_config
If no line, a commented line, or a line indicating the value "no" is returned, then the required value is set.
If the required value is not set, this is a finding.
V-38612
False
RHEL-06-000236
To determine how the SSH daemon's "HostbasedAuthentication" option is set, run the following command:
# grep -i HostbasedAuthentication /etc/ssh/sshd_config
If no line, a commented line, or a line indicating the value "no" is returned, then the required value is set.
If the required value is not set, this is a finding.
M
2367