Detections
Analytics
GEN005538 - The SSH daemon must not allow rhosts RSA authentication.
Information
If SSH permits rhosts RSA authentication, a user may be able to log in based on the keys of the host originating the request and not any user-specific authentication.Solution
Edit the /etc/ssh/sshd_config file and remove the RhostsRSAAuthentication setting or change the value of the RhostsRSAAuthentication setting to 'no'.See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: ACCESS CONTROL
References: 800-53|AC-14, CAT|II, CCI|CCI-000366, Rule-ID|SV-40722r1_rule, STIG-ID|GEN005538, Vuln-ID|V-22487
Plugin: Unix
Control ID: a528f620fb246f628f59770e418e92e0a7a2cb6a2f5280eda4f6f4404038a8b7