Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ======5.2.7 Ensure SSH HostbasedAuthentication is disabled (Scored)====== =====Profile Applicability===== <code> Level 1 - Server Level 1 - Workstation </code> =====Description===== The ''HostbasedAuthentication'' parameter specifies if authentication is allowed through trusted hosts via the user of ''.rhosts'', or ''/etc/hosts.equiv'', along with successful public key client host authentication. This option only applies to SSH Protocol Version 2. =====Rationale===== Even though the ''.rhosts'' files are ineffective if support is disabled in ''/etc/pam.conf'', disabling the ability to use ''.rhosts'' files in SSH provides an additional layer of protection. =====Audit===== Run the following command and verify that output matches: <Code:bash> # grep "^HostbasedAuthentication" /etc/ssh/sshd_config HostbasedAuthentication no </Code> =====Remediation===== Edit the ''/etc/ssh/sshd_config'' file to set the parameter as follows: <Code:bash> HostbasedAuthentication no </Code> ubuntu1604/5/2/7.txt Last modified: 2017/05/04 11:30by 127.0.0.1