The Photon operating system must configure Secure Shell (SSH) to disallow HostbasedAuthentication.

An XCCDF Rule

Description

SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled.

ID: SV-258857r991591_rule
Version: PHTN-40-000188
Severity: High
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "HostbasedAuthentication" line is uncommented and set to the following:
HostbasedAuthentication no

At the command line, run the following command:

# systemctl restart sshd.service