Detections
Analytics
RHEL-10-700600 - RHEL 10 must be configured so that SSHD accepts public key authentication.
Information
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. A DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication.OpenSSH uses the first occurrence of a keyword it sees, and drop-in files are read in lexicographical order at the start of the configuration. Red Hat recommends using drop-in files rather than changing base configuration files.
Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055
Solution
Configure RHEL 10 to accept public key authentication.In "/etc/ssh/sshd_config.d", create a drop file that will lexicographically precede 50-redhat.conf and add the following line:
PubkeyAuthentication yes
Restart the SSH daemon with the following command for the settings to take effect:
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(1), 800-53|IA-2(2), CAT|II, CCI|CCI-000765, CCI|CCI-000766, Rule-ID|SV-281263r1184763_rule, STIG-ID|RHEL-10-700600, Vuln-ID|V-281263
Plugin: Unix
Control ID: bbca6602cd5edec657b5af200a038983c48261f9c695445309c3f97d4f762edb