✎ 5.2.7 Ensure SSH HostbasedAuthentication is disabled (Scored) [SecScan]

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.

======5.2.7 Ensure SSH HostbasedAuthentication is disabled (Scored)======
=====Profile Applicability=====  
<code>
Level 1 - Server
Level 1 - Workstation 
</code>

=====Description=====
The ''HostbasedAuthentication'' parameter specifies if authentication is allowed through trusted hosts via the user of ''.rhosts'', or ''/etc/hosts.equiv'', along with successful public key client host authentication. This option only applies to SSH Protocol Version 2.

=====Rationale=====
Even though the ''.rhosts'' files are ineffective if support is disabled in ''/etc/pam.conf'', disabling the ability to use ''.rhosts'' files in SSH provides an additional layer of protection.

=====Audit===== 
Run the following command and verify that output matches:
<Code:bash>
# grep "^HostbasedAuthentication" /etc/ssh/sshd_config 
HostbasedAuthentication no
</Code>

=====Remediation===== 
Edit the ''/etc/ssh/sshd_config'' file to set the parameter as follows:
<Code:bash>
HostbasedAuthentication no
</Code>