Detections
Analytics

1.218 RHEL-09-255080

Information

RHEL 9 must not allow a noncertificate trusted host SSH logon to the system.

GROUP ID: V-257992
RULE ID: SV-257992r1045047

SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.

Solution

To configure RHEL 9 to not allow a noncertificate trusted host SSH logon to the system, add or modify the following line in "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d".

HostbasedAuthentication no

Restart the SSH daemon for the settings to take effect:

$ sudo systemctl restart sshd.service

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-257992r1045047_rule, STIG-ID|RHEL-09-255080, Vuln-ID|V-257992

Plugin: Unix

Control ID: 87660efcb760353e345ae5ed9892f327a49adc8001b7b39213e7adb326aacc35