6.1.8 Set SSH RhostsRSAAuthentication to no - Check if RhostsRSAAuthentication is set to no and not commented for the server.

Information

The RhostsRSAAuthentication parameter specifies if rhosts or /etc/hosts.equiv authentication together with successful RSA host authentication is permitted. The default is no.

Note that this parameter only applies to SSH protocol version 1.

Note - If you will be editing all the SSH parameters, use the script in section 6.1 Configure SSH.

Solution

Edit the /etc/ssh/sshd_config file to set the parameter as follows-
awk '/^ RhostsRSAAuthentication/ { $2 = 'no' } { print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.new
/usr/bin/mv /etc/ssh/sshd_config.new /etc/ssh/sshd_config
/usr/sbin/pkgchk -f -n -p /etc/ssh/sshd_config
/usr/sbin/svcadm restart svc:/network/ssh

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-14a., 800-53|SC-13

Plugin: Unix

Control ID: c9ced48293e5a7d1389156c1c9c93b4b52f9f6a8ee8ceefa2917caa318da2866