RHEL 9 SSHD must accept public key authentication.

An XCCDF Rule

Description

<VulnDiscussion>Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. A DOD CAC with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-257983r943032_rule
Severity: Medium
References: CCI-000765 CCI-000766 CCI-000767 CCI-000768
Updated: 8 months ago

To configure the system add or modify the following line in "/etc/ssh/sshd_config".

PubkeyAuthentication yes

Restart the SSH daemon for the settings to take effect:
$ sudo systemctl restart sshd.service

RHEL 9 SSHD must accept public key authentication.

Description

Remediation - Manual Procedure