The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists.

An XCCDF Rule

Details
Profiles

Description

SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Individual users can have a local list of trusted remote machines, which must also be ignored while disabling host-based authentication generally.

ID: SV-258880r991589_rule
Version: PHTN-40-000217
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/ssh/sshd_config

Ensure the "IgnoreRhosts" line is uncommented and set to the following:
IgnoreRhosts yes

At the command line, run the following command:

# systemctl restart sshd.service

The Photon operating system must configure Secure Shell (SSH) to ignore user-specific trusted hosts lists.

Description

Remediation Templates

A Manual Procedure