UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The rhost-based authentication for SSH must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216353 SOL-11.1-040350 SV-216353r603267_rule Medium
Description
Setting this parameter forces users to enter a password when authenticating with SSH.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2021-03-01

Details

Check Text ( C-17589r371147_chk )
Determine if rhost-based authentication is enabled.

# grep "^IgnoreRhosts" /etc/ssh/sshd_config

If the output is produced and it is not:

IgnoreRhosts yes

this is a finding.

If the IgnoreRhosts line does not exist in the file, the default setting of "Yes" is automatically used and there is no finding.
Fix Text (F-17587r371148_fix)
The root role is required.

Modify the sshd_config file

# pfedit /etc/ssh/sshd_config

Locate the line containing:

IgnoreRhosts

Change it to:

IgnoreRhosts yes

Restart the SSH service.

# svcadm restart svc:/network/ssh


This action will only set the IgnoreRhosts line if it already exists in the file to ensure that it is set to the proper value. If the IgnoreRhosts line does not exist in the file, the default setting of "Yes" is automatically used, so no additional changes are needed.