Skip to content

The Photon operating system must configure Secure Shell (SSH) to disallow Kerberos authentication.

An XCCDF Rule

Description

<VulnDiscussion>If Kerberos is enabled through SSH, sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to exploitation. To reduce the attack surface of the system, the Kerberos authentication mechanism within SSH must be disabled.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-258877r991589_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "KerberosAuthentication" line is uncommented and set to the following: