Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of OpenEmbedded
Services
SSH Server
Configure OpenSSH Server if Necessary
Disable GSSAPI Authentication
Disable GSSAPI Authentication
An XCCDF Rule
Details
Profiles
Prose
Disable GSSAPI Authentication
Medium Severity
Unless needed, SSH should not permit extraneous or unnecessary authentication mechanisms like GSSAPI.
The default SSH configuration disallows authentications based on GSSAPI. The appropriate configuration is used if no value is set for
GSSAPIAuthentication
.
To explicitly disable GSSAPI authentication, add or correct the following line in
/etc/ssh/sshd_config
:
GSSAPIAuthentication no