Information
The IgnoreRhosts parameter specifies that existing .rhosts and .shosts files, which
may apply to application rather than user logins, will not be used in
RhostsRSAAuthentication or HostbasedAuthentication.
Setting this parameter forces users to enter a password when authenticating with SSH.
Solution
Perform the following to implement the recommended state-# awk '/^IgnoreRhosts/ { $2 = 'yes' }
{ print }' /etc/ssh/sshd_config > /etc/ssh/sshd_config.CIS
# mv /etc/ssh/sshd_config.CIS /etc/ssh/sshd_config
# svcadm restart svc-/network/sshThis action will only set the IgnoreRhosts line if it already exists in the file to ensure that it
is set to the proper value. If the IgnoreRhosts line does not exist in the file, the default
setting of Yes is automatically used, so no additional changes are needed.