The Photon operating system must configure sshd to disallow Kerberos authentication.

An XCCDF Rule

Details
Profiles

Description

If Kerberos is enabled through Secure Shell (SSH), sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to exploitation. To reduce the attack surface of the system, the Kerberos authentication mechanism within SSH must be disabled.

ID: SV-256551r991589_rule
Version: PHTN-30-000082
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "KerberosAuthentication" line is uncommented and set to the following:
KerberosAuthentication no

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure sshd to disallow Kerberos authentication.

Description

Remediation Templates

A Manual Procedure