GEN005524 - The SSH daemon must not permit GSSAPI authentication unless needed.

Information

GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system. GSSAPI authentication must be disabled unless needed.

Solution

Edit the SSH daemon configuration and set (add if necessary) a 'GSSAPIAuthentication' directive set to 'no'.

Restart the SSH daemon.
# /sbin/service sshd restart

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-218609r603259_rule, STIG-ID|GEN005524, STIG-Legacy|SV-63877, STIG-Legacy|V-22473, Vuln-ID|V-218609

Plugin: Unix

Control ID: 44ac773d4104c715e308bf75b8ecafb579b31c29c927281d54b274262bd2c262