RHEL 9 must not allow a noncertificate trusted host SSH logon to the system.
An XCCDF Rule
Description
SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.
- ID
- SV-257992r1045047_rule
- Version
- RHEL-09-255080
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
To configure RHEL 9 to not allow a noncertificate trusted host SSH logon to the system, add or modify the following line in "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d".
HostbasedAuthentication no
Restart the SSH daemon for the settings to take effect:
$ sudo systemctl restart sshd.service