Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Guide to the Secure Configuration of Red Hat Enterprise Linux 8
Services
System Security Services Daemon
Configure SSSD to Expire SSH Known Hosts
Configure SSSD to Expire SSH Known Hosts
An XCCDF Rule
Details
Profiles
Prose
Configure SSSD to Expire SSH Known Hosts
Medium Severity
SSSD should be configured to expire keys from known SSH hosts after
seconds. To configure SSSD to known SSH hosts, set
ssh_known_hosts_timeout
to
under the
[ssh]
section in
/etc/sssd/sssd.conf
. For example:
[ssh] ssh_known_hosts_timeout =