ESXI-06-000013 - The SSH daemon must not allow host-based authentication.

Gavin M. Dennis

22 April 2022 15:15

Details

SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts.

Solution

SSH's cryptographic host-based authentication is more secure than '.rhosts' authentication, since hosts are cryptographically authenticated. However, it is not recommended that hosts unilaterally trust one another, even within an organization.

Add or correct the following line in '/etc/ssh/sshd_config':

HostbasedAuthentication no

Supportive Information

The following resource is also helpful.

http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Group-ID|V-63195
Rule-ID|SV-77685r1_rule
STIG-ID|ESXI-06-000013
Vuln-ID|V-63195

Source

Tenable.com/audits

PS. Before you go.

Request a quote to protect your organisation from cyber attacks and breaches.

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section