RHEL 9 SSH daemon must not allow rhosts authentication.

An XCCDF Rule

Description

SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.

ID: SV-258005r1045069_rule
Version: RHEL-09-255145
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure the SSH daemon to not allow rhosts authentication.

Add the following line to "/etc/ssh/sshd_config" or to a file in "/etc/ssh/sshd_config.d", or uncomment the line and set the value to "yes":

IgnoreRhosts yes
The SSH service must be restarted for changes to take effect:

$ sudo systemctl restart sshd.service