OL6-00-000234 - The SSH daemon must ignore .rhosts files - 'IgnoreRhosts yes'

Information

SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.

Solution

SSH can emulate the behavior of the obsolete rsh command in allowing users to enable insecure access to their accounts via '.rhosts' files.

To ensure this behavior is disabled, add or correct the following line in '/etc/ssh/sshd_config':

IgnoreRhosts yes

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_6_V2R7_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(2), CAT|II, CCI|CCI-000766, Rule-ID|SV-208923r793709_rule, STIG-ID|OL6-00-000234, STIG-Legacy|SV-64785, STIG-Legacy|V-50579, Vuln-ID|V-208923

Plugin: Unix

Control ID: eb7899b4782e987adbd9490b47f7544919f3ad5c9e6e762f6fa989f372e8523b