Detections
Analytics
RHEL-09-255035 - RHEL 9 SSHD must accept public key authentication.
Information
Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. A DOD common access card (CAC) with DOD-approved PKI is an example of multifactor authentication.Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPOS-00054, SRG-OS-000108-GPOS-00055
Solution
To configure the system, add or modify the following line in "/etc/ssh/sshd_config" or in a file in "/etc/ssh/sshd_config.d".PubkeyAuthentication yes
Restart the SSH daemon for the settings to take effect:
$ sudo systemctl restart sshd.service
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_9_V2R8_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 9 STIG v2r8
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(1), 800-53|IA-2(2), 800-53|IA-2(3), 800-53|IA-2(4), CAT|II, CCI|CCI-000765, CCI|CCI-000766, CCI|CCI-000767, CCI|CCI-000768, Rule-ID|SV-257983r1045024_rule, STIG-ID|RHEL-09-255035, Vuln-ID|V-257983
Plugin: Unix
Control ID: 98aeeb0cc0142f56f213c7b53d27bca1c5f52ddd2c48d77a30b526aeeab86343