Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The AIX SSH daemon must be configured to not use host-based authentication.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-91747 | AIX7-00-002122 | SV-101845r1_rule | Medium |
| Description |
|---|
| SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. |
| STIG | Date |
|---|---|
| IBM AIX 7.x Security Technical Implementation Guide | 2020-02-24 |
Details
| Check Text ( C-90901r3_chk ) |
|---|
| Check the SSH daemon configuration for allowed host-based authentication using command: # grep -i HostbasedAuthentication /etc/ssh/sshd_config | grep -v '^#' HostbasedAuthentication no If no lines are returned, or the returned "HostbasedAuthentication" directive contains "yes", this is a finding. |
| Fix Text (F-97945r1_fix) |
|---|
| Edit "/etc/ssh/sshd_config" and add or update the "HostbasedAuthentication" line as: HostbasedAuthentication no Save the change and restart ssh daemon: # stopsrc -s sshd # startsrc -s sshd |