Information
The recommendation is to remove both the /etc/shosts.equiv and /etc/rhosts.equiv files. This is a consequence of the recommendation to not use HostbasedAuthentication.
Rationale:
The recommendation is to not use HostbasedAuthentication unless a documented need already exists. The logical consequence is to remove these files, if they exist, to lower the risk of accidental activation.
In any case - the file /etc/rhosts.equiv should be removed - period. (Note: This is also recommended elsewhere.)
Impact:
The file /etc/shosts.equiv, in combination with the OpenSSH sshd_config setting HostbasedAuthentication, can allow passwordless authentication between servers.
Without HostbasedAuthentication the file /etc/shosts.equiv has no purpose.
Solution
Print (for review) and then remove the content of the /etc/[rs]hosts.equiv files:
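for file in /etc/[rs]hosts.equiv; do
  # Skip the unexpanded pattern when no file matches the glob
  [ -f "${file}" ] || continue
  # Double quotes so that ${file} is expanded in the review header
  print "+++ ${file} +++"
  /usr/bin/cat -n "${file}"
  /usr/bin/rm -f "${file}"
done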
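A post-remediation check for the two conditions this recommendation describes, as an added example that is not part of the benchmark text: it reports any remaining /etc/[rs]hosts.equiv file and any sshd_config line that turns HostbasedAuthentication on. The function names, the root-prefix argument and the /etc/ssh/sshd_config path are assumptions; it is written in POSIX sh.

```sh
# Added example: post-remediation audit (POSIX sh).
# Assumptions: function names, the root-prefix argument, and the
# /etc/ssh/sshd_config location.
# Usage on a live system: audit_hostbased ""

# Print every host-equivalence file still present under prefix $1.
equiv_files_present() {
  for f in "$1"/etc/[rs]hosts.equiv; do
    [ -f "$f" ] && printf '%s\n' "$f"
  done
  return 0
}

# Exit 0 if any non-comment line of file $1 sets HostbasedAuthentication yes.
# Keywords are matched case-insensitively; lines inside Match blocks are
# flagged as well, which errs on the side of reporting.
hostbased_enabled() {
  [ -r "$1" ] || return 1
  awk '
    /^[ \t]*#/ { next }
    {
      line = tolower($0)
      sub(/=/, " ", line)     # accept the keyword=value form
      gsub(/"/, "", line)     # accept a quoted value
      split(line, w, " ")
      if (w[1] == "hostbasedauthentication" && w[2] == "yes") found = 1
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# Return 0 when neither condition is found, 1 otherwise.
audit_hostbased() {
  rc=0
  left=$(equiv_files_present "$1")
  if [ -n "$left" ]; then
    printf '%s\n' "$left" | sed 's/^/FAIL: file present: /'
    rc=1
  fi
  if hostbased_enabled "$1/etc/ssh/sshd_config"; then
    printf 'FAIL: HostbasedAuthentication yes in sshd_config\n'
    rc=1
  fi
  [ "$rc" -eq 0 ] && printf 'PASS\n'
  return "$rc"
}
```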
Default Value:
N/A
Additional Information:
Reversion:
The /etc/shosts.equiv file would need to be restored from a backup or from the remediation log.
The file /etc/rhosts.equiv should not be restored.