The Photon operating system must configure sshd to disallow HostbasedAuthentication.

An XCCDF Rule

Description

Secure Shell (SSH) trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled.

ID: SV-256584r991591_rule
Version: PHTN-30-000115
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "HostbasedAuthentication" line is uncommented and set to the following:
HostbasedAuthentication no

At the command line, run the following command:

# systemctl restart sshd.service