The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.

An XCCDF Rule

Description

<VulnDiscussion>If Kerberos is enabled through SSH, sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to exploitation. To reduce the attack surface of the system, the Kerberos authentication mechanism within SSH must be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258877r933692_rule
Severity: Medium
References: CCI-000366
Updated: 8 months ago

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "KerberosAuthentication" line is uncommented and set to the following:
KerberosAuthentication no

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.

Description

Remediation - Manual Procedure