6.1.7 Set SSH RhostsAuthentication to no - Check if RhostsAuthentication is set to no and not commented for the server.

Information

The RhostsAuthentication parameter specifies if authentication using rhosts or /etc/hosts.equiv is permitted. The default is no.

Note - If you will be editing all the SSH parameters, use the script in section 6.1 Configure SSH.

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows-
awk '/^RhostsAuthentication/ { $2 = 'no' } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
/usr/bin/mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
/usr/sbin/pkgchk -f -n -p /etc/ssh/sshd_config
/usr/sbin/svcadm restart svc:/network/ssh

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-14a., 800-53|IA-5

Plugin: Unix

Control ID: cc13e52fa5ff3e85cd9fd61f4a96f2a522c9223fb6d9d607020238f8f0c33ad0