RHEL 9 must not allow a noncertificate trusted host SSH logon to the system.

An XCCDF Rule

Details
Profiles
Prose

Description

<VulnDiscussion>SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-257992r991591_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

To configure RHEL 9 to not allow a noncertificate trusted host SSH logon to the system add or modify the following line in "/etc/ssh/sshd_config".

HostbasedAuthentication no

Restart the SSH daemon for the settings to take effect:
$ sudo systemctl restart sshd.service

RHEL 9 must not allow a noncertificate trusted host SSH logon to the system.

Description

Remediation - Manual Procedure