RHEL 9 SSHD must accept public key authentication.

An XCCDF Rule

Description

Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. A DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication. Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055

ID: SV-257983r1045024_rule
Version: RHEL-09-255035
Severity: Medium
References: CCI-000765 CCI-000766 CCI-000767 CCI-000768
Updated: about 2 months ago

Remediation Templates

To configure the system, add or modify the following line in "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d".

PubkeyAuthentication yes

Restart the SSH daemon for the settings to take effect:

$ sudo systemctl restart sshd.service

RHEL 9 SSHD must accept public key authentication.

Description

Remediation Templates

A Manual Procedure