The Photon operating system must configure sshd to disallow Kerberos authentication.

An XCCDF Rule

Description

<VulnDiscussion>If Kerberos is enabled through Secure Shell (SSH), sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to exploitation. To reduce the attack surface of the system, the Kerberos authentication mechanism within SSH must be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256551r887327_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "KerberosAuthentication" line is uncommented and set to the following:
KerberosAuthentication no

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure sshd to disallow Kerberos authentication.

Description

Remediation - Manual Procedure